A Primary Research Primer on Cybersecurity for Investment Professionals

Cybersecurity is the set of technologies, processes, and services that protect digital systems, networks, and data from unauthorised access, damage, and disruption. The global market for these products reached $245 billion in 2024 and will exceed $350 billion by 2030 at a 9-14% CAGR depending on whether managed services are included in the count. What has brought this sector to the centre of institutional portfolios is not just the growth rate but the structural shift in how enterprises buy: the market is consolidating from fragmented point solutions onto integrated platforms, and the companies that win platform deals are compounding ARR at rates that make the headline multiples look more defensible than they appear. This primer walks through how the sector is structured, what the unit economics look like, who the major players are, and what a well-constructed primary research programme needs to ask. Woozle has run expert calls, channel checks, and CISO surveys across this space for long/short equity funds, specialist technology pods, and PE deal teams.

What Is Cybersecurity?

Cybersecurity companies sell protection against digital attacks. The product takes many forms: software agents running on laptops and servers, cloud-delivered filters that sit between employees and the internet, platforms that log every event across an organisation's infrastructure and flag anomalies, and services where a third-party team monitors and responds on the client's behalf. The common thread is that every enterprise, government, and financial institution is a potential customer, and the cost of not buying is existential.

The global market is contested by market researchers with different scoping methodologies. Fortune Business Insights pegged the market at $245.6 billion in 2024; Gartner's end-user spending forecast for 2025 was $212 billion using a narrower product-only lens. The number to anchor on is the growth rate, not the absolute figure: 15% year-on-year spending growth in 2025 per Gartner, driven by AI-related threat surface expansion and regulatory pressure from frameworks including NIS2 in Europe and DORA for financial services.

The industry splits into five primary segments. Network security, including firewalls and Secure Access Service Edge (SASE), was a $28 billion market in 2024. Endpoint security, covering the software that protects laptops and servers, sat at roughly $27 billion. Identity and Access Management (IAM) reached $20 billion. Cloud security, the fastest-growing segment at over $35 billion in 2024, is on track to double by 2030. Security Operations technology, including SIEM, SOAR, and extended detection and response (XDR), accounts for another $12-20 billion depending on classification.

The counterintuitive fact about where the money sits: services and renewals, not initial licences, carry the economics. Gross margins on software subscriptions run 73-78% for the best SaaS vendors. Professional services and managed security services typically print 20-35% gross margins, a fact that matters enormously when comparing a platform vendor's reported blended margin against a pure-product peer.

Why Are Investors Looking At This?

Three things changed between 2020 and 2025 that made cybersecurity a structural allocation rather than a tactical trade. The first was the migration of enterprise workloads to the cloud, which destroyed the concept of a network perimeter and made every identity a potential attack vector. The second was the ransomware industrialisation of the late 2010s, which converted cybersecurity spending from discretionary to non-negotiable in board-level conversations. The third was AI, which expanded the attack surface on both sides: defenders use it to correlate signals at machine speed, and attackers use it to generate phishing campaigns and probe vulnerabilities at industrial scale. The mean time from CVE publication to active exploitation dropped below 24 hours for critical vulnerabilities in 2025.

The return profile has historically split along architectural lines. Platform vendors with sticky multi-year contracts and high net revenue retention, CrowdStrike and Zscaler being the canonical examples, have traded at 10-20x NTM revenue. Network security hardware vendors such as Fortinet and Check Point have traded at 5-7x. The dispersion reflects both growth rate differences and the fundamental distinction between software economics and hardware-refresh economics. CrowdStrike posted $4.8 billion in ARR for FY2025 at 23% growth. Palo Alto Networks reached $9.9 billion in revenue for FY2025 with its next-generation security ARR growing 29% year-on-year. These are not small-base growth stories.

The live bull-bear debate as of mid-2026 centres on one question: does AI expand the addressable market for incumbent platforms, or does it compress it? Bulls argue that every new AI deployment, every agentic workflow, and every large language model running in a production environment creates a new attack surface that CISOs must protect, and that the same platform vendors already embedded in the enterprise stack are the logical beneficiaries. Bears point to the "built-in utility" thesis: if frontier AI providers and cloud hyperscalers begin bundling security capabilities directly into their infrastructure offerings, standalone security vendors face margin pressure not from a competing product but from a structural shift in where security is consumed. Both theses are live. Neither has been definitively resolved by the data yet.

The sharpest recent data point: pure-play cybersecurity stocks underperformed the S&P 500 by 6.5% in 2025 as a group, according to Return on Security's RoS Cyber Index, even as the sector raised $25 billion in venture funding and completed $76 billion in M&A. The divergence between private market enthusiasm and public market performance is the live tension that primary research can help resolve.