During the gold rush, the real winners weren’t always the miners striking gold—it was often the merchants selling shovels and picks.
In today’s AI boom, the biggest beneficiaries aren’t just those building AI models but also the companies providing the infrastructure—data centres, semiconductors, and GPUs. But alongside this growth, AI’s rapid adoption also introduces new vulnerabilities, making cybersecurity more critical than ever.
In the same way gold prospectors had to protect their wealth from highwaymen, today’s AI-driven companies must defend their digital assets from increasingly sophisticated cyber threats. And just as AI is reshaping industries, it’s also transforming how cybersecurity firms fight back.
From real-time threat detection to predictive defence, cybersecurity companies are now leveraging AI to stay ahead of attackers—enhancing protection and minimising risks in ways that weren’t possible before. As AI’s influence expands, cybersecurity is becoming a key investment theme, one that could play a defining role in securing the AI-driven economy.
The intersection of AI and cybersecurity
If you’ve ever wondered why so many companies are leaning into AI for security, some of the industry leaders have already mapped it out.
Take Palo Alto Networks, one of the biggest names in cybersecurity. They highlight three key ways AI is stepping up¹:
- Smarter Threat Detection: AI isn’t just about flagging threats; it customises security protocols for different environments, reacts in real-time, and focuses on the big risks first. Basically, it’s like having a super-alert security guard who knows where to look.
- Proactive Defence: AI processes insane amounts of data quickly, catching patterns and anomalies before they turn into full-blown disasters. It’s like giving your team a crystal ball that learns from past breaches and predicts what’s coming.
- Fewer False Alarms: You know those annoying alerts that turn out to be nothing? AI cuts down on those. It’s much better at figuring out what’s real, so your team isn’t stuck chasing ghosts.
Sophos backs this up and adds a key point²: AI isn’t here to replace humans, but to help them as a force multiplier. Think of it as a powerful sidekick that turns weeks of work into hours by analysing data way faster than people can.
This is a big deal for tools like signature-based detection systems—the ones that look for known threats in network traffic. These systems are great for spotting what’s already in the database, but they struggle with new threats (zero-day attacks) and can trigger too many false positives. AI fixes that by spotting new patterns and keeping things efficient.
And then there’s Microsoft (NASDAQ:MSFT), which takes it even further with generative AI³—basically, AI that can create new content or ideas based on what it already knows. Microsoft says this is a game-changer because security teams don’t need to manually query data anymore. Instead, they can just ask the AI direct questions in plain English, and it’ll pull up what they need.
Microsoft also breaks down six specific ways AI is making cybersecurity better:
- Identity and Access Management: Stops unauthorised users from sneaking in.
- Endpoint Security: Protects devices like laptops and smartphones from malware.
- Cloud Security: Keeps cloud systems safe from breaches and vulnerabilities.
- Cyberthreat Detection: Spots phishing, ransomware, and other nasties before they hit.
- Information Protection: Secures sensitive data so it doesn’t get leaked.
- Incident Investigation & Response: Cuts down response times from days to minutes.
So, why does all this matter? AI isn’t just another buzzword in cybersecurity—it’s becoming a must-have. It automates tasks, learns as it goes, and helps teams focus on the threats that matter most. In an age where cyberattacks are more sophisticated than ever, AI might just be the ultimate security upgrade.
How to invest in cybersecurity
If you’re looking to add cybersecurity exposure to your portfolio, a broader thematic ETF might not give you the focus you’re after. Instead, consider a more targeted option like the L&G Cyber Security UCITS ETF (LON:ISPY).
ISPY is a physically backed, fully replicated ETF denominated in USD, offered as an accumulating share class. It’s one of the larger players in this space, managing $2.7 billion in assets under management (AUM).
The fund tracks the ISE Cyber Security UCITS Index, which classifies companies into two key categories:
- Infrastructure Providers: These are companies developing the hardware and software that protect access to files, websites, and networks.
- Service Providers: These firms specialise in consulting and offering secure, cyber-based services.
To ensure quality, ISPY screens for company size (market capitalisation) and liquidity (trading volume). Holdings are weighted based on the size of each category and then equally weighted within those categories.
Top holdings include familiar cybersecurity giants like Broadcom (NASDAQ:AVGO), Cloudflare (NYSE:NET), Fortinet (NASDAQ:FTNT), Cisco (NASDAQ:CSCO), and Palo Alto Networks—true heavyweights in the industry.
The L&G Cyber Security UCITS ETF (the "Fund") is a passively managed exchange traded fund ("ETF") that aims to track the performance of the ISE Cyber Security® UCITS Index Net Total Return (the "Index"), subject to the deduction of the ongoing charges and other costs associated with operating the Fund.
Over the trailing five-year period ending 31 December, 2024, ISPY delivered an impressive annualised return of 11.34%, making it a strong contender for anyone looking to tap into the growing demand for cybersecurity solutions. Past performance is not a guide to future performance.