A Primary Research Primer on Cybersecurity for Investment Professionals

Cybersecurity is the set of technologies, processes, and services that protect digital systems, networks, and data from unauthorised access, damage, and disruption. The global market for these products reached $245 billion in 2024 and will exceed $350 billion by 2030 at a 9-14% CAGR depending on whether managed services are included in the count. What has brought this sector to the centre of institutional portfolios is not just the growth rate but the structural shift in how enterprises buy: the market is consolidating from fragmented point solutions onto integrated platforms, and the companies that win platform deals are compounding ARR at rates that make the headline multiples look more defensible than they appear. This primer walks through how the sector is structured, what the unit economics look like, who the major players are, and what a well-constructed primary research programme needs to ask. Woozle has run expert calls, channel checks, and CISO surveys across this space for long/short equity funds, specialist technology pods, and PE deal teams.

What Is Cybersecurity?

Cybersecurity companies sell protection against digital attacks. The product takes many forms: software agents running on laptops and servers, cloud-delivered filters that sit between employees and the internet, platforms that log every event across an organisation's infrastructure and flag anomalies, and services where a third-party team monitors and responds on the client's behalf. The common thread is that every enterprise, government, and financial institution is a potential customer, and the cost of not buying is existential.

The global market is contested by market researchers with different scoping methodologies. Fortune Business Insights pegged the market at $245.6 billion in 2024; Gartner's end-user spending forecast for 2025 was $212 billion using a narrower product-only lens. The number to anchor on is the growth rate, not the absolute figure: 15% year-on-year spending growth in 2025 per Gartner, driven by AI-related threat surface expansion and regulatory pressure from frameworks including NIS2 in Europe and DORA for financial services.

The industry splits into five primary segments. Network security, including firewalls and Secure Access Service Edge (SASE), was a $28 billion market in 2024. Endpoint security, covering the software that protects laptops and servers, sat at roughly $27 billion. Identity and Access Management (IAM) reached $20 billion. Cloud security, the fastest-growing segment at over $35 billion in 2024, is on track to double by 2030. Security Operations technology, including SIEM, SOAR, and extended detection and response (XDR), accounts for another $12-20 billion depending on classification.

The counterintuitive fact about where the money sits: services and renewals, not initial licences, carry the economics. Gross margins on software subscriptions run 73-78% for the best SaaS vendors. Professional services and managed security services typically print 20-35% gross margins, a fact that matters enormously when comparing a platform vendor's reported blended margin against a pure-product peer.

Why Are Investors Looking At This?

Three things changed between 2020 and 2025 that made cybersecurity a structural allocation rather than a tactical trade. The first was the migration of enterprise workloads to the cloud, which destroyed the concept of a network perimeter and made every identity a potential attack vector. The second was the ransomware industrialisation of the late 2010s, which converted cybersecurity spending from discretionary to non-negotiable in board-level conversations. The third was AI, which expanded the attack surface on both sides: defenders use it to correlate signals at machine speed, and attackers use it to generate phishing campaigns and probe vulnerabilities at industrial scale. The mean time from CVE publication to active exploitation dropped below 24 hours for critical vulnerabilities in 2025.

The return profile has historically split along architectural lines. Platform vendors with sticky multi-year contracts and high net revenue retention, CrowdStrike and Zscaler being the canonical examples, have traded at 10-20x NTM revenue. Network security hardware vendors such as Fortinet and Check Point have traded at 5-7x. The dispersion reflects both growth rate differences and the fundamental distinction between software economics and hardware-refresh economics. CrowdStrike posted $4.8 billion in ARR for FY2025 at 23% growth. Palo Alto Networks reached $9.9 billion in revenue for FY2025 with its next-generation security ARR growing 29% year-on-year. These are not small-base growth stories.

The live bull-bear debate as of mid-2026 centres on one question: does AI expand the addressable market for incumbent platforms, or does it compress it? Bulls argue that every new AI deployment, every agentic workflow, and every large language model running in a production environment creates a new attack surface that CISOs must protect, and that the same platform vendors already embedded in the enterprise stack are the logical beneficiaries. Bears point to the "built-in utility" thesis: if frontier AI providers and cloud hyperscalers begin bundling security capabilities directly into their infrastructure offerings, standalone security vendors face margin pressure not from a competing product but from a structural shift in where security is consumed. Both theses are live. Neither has been definitively resolved by the data yet.

The sharpest recent data point: pure-play cybersecurity stocks underperformed the S&P 500 by 6.5% in 2025 as a group, according to Return on Security's RoS Cyber Index, even as the sector raised $25 billion in venture funding and completed $76 billion in M&A. The divergence between private market enthusiasm and public market performance is the live tension that primary research can help resolve.

The unit economics of cybersecurity look straightforward at the subscription layer. They are not. The gap between what a vendor reports as gross margin and what the business actually earns at the customer level, once professional services delivery, implementation, and ongoing customer success costs are loaded in, can run to 20 margin points. That gap determines which companies are genuinely compounding and which are running a sales machine that obscures the true cost of keeping customers. The question bank in this primer includes the exact questions that get past investor day talking points on this topic.

How the Industry Actually Works

The Business Model

Cybersecurity vendors primarily sell annual or multi-year software subscriptions. The pricing unit varies by segment: endpoint security is typically priced per device per year, identity platforms charge per user, cloud security products often price on data volume or number of workloads, and SIEM platforms have historically charged on data ingestion volume, a model that became a material customer complaint as log volumes exploded. A standard enterprise endpoint security deal at a company with 5,000 seats runs $25-40 per seat per year at list price; negotiated prices for competitive displacements frequently run 30-50% below list. Multi-year platform deals, where an enterprise signs a 3-year agreement covering endpoint, identity, and cloud security from a single vendor, are increasingly the unit of competition among the Tier 1 players.

Renewal economics drive the model. Customers who have deployed a security agent across 10,000 endpoints, integrated the vendor's API into their SIEM, and trained their SOC analysts on the tooling do not switch easily. Gross retention rates at the best pure-play SaaS vendors run 90-95%. Net revenue retention, which captures the expansion from adding modules or seats to the existing base, runs 115-130% at the top quartile. This is the land-and-expand model: win the endpoint deal, add identity protection, add cloud workload protection, eventually pitch the full platform. CrowdStrike's Falcon platform is the clearest execution of this playbook, having expanded from EDR into 22 separate modules available on a single agent.

The Value Chain

The supply chain for cybersecurity software is largely intangible. The critical inputs are threat intelligence data, engineering talent, and cloud infrastructure. Threat intelligence, the ongoing feed of information about attacker techniques, malware signatures, and compromised credentials, is either proprietary (generated from a vendor's own deployed sensor network) or purchased from specialist firms. CrowdStrike's threat intelligence operation, Falcon Intelligence, processes signals from its 29,000-customer installed base. That telemetry data is a genuine competitive moat: a vendor with one-tenth the installed base simply has one-tenth the signal. Cloud infrastructure costs, primarily AWS, Azure, and Google Cloud egress and compute, run 10-20% of revenue at scale for most SaaS security vendors.

The distribution layer matters more than in most software segments. Channel partners, including MSSPs (Managed Security Service Providers), resellers, and system integrators, deliver roughly 70% of cybersecurity revenue to market for most vendors. The MSSP model is structurally important: two-thirds of enterprise security programmes use an MSSP, particularly mid-market organisations that cannot staff a 24/7 SOC internally. Vendors that build tight MSSP partnerships, such as CrowdStrike through its AWS Marketplace channel ($1.5 billion in contract value) and Palo Alto Networks through its NextWave programme, gain a distribution advantage that is difficult for new entrants to replicate.

The Competitive Dynamic

The sector is undergoing deliberate consolidation by enterprise buyers. Nearly 70% of CISOs surveyed by IANS Research in 2025 had consolidated or were consolidating their security tool stack onto integrated platforms. The average enterprise runs 70-100 security tools, a management burden that absorbs analyst time and creates integration gaps that attackers exploit. The platform consolidation trade benefits vendors that can credibly replace multiple point solutions, CrowdStrike, Palo Alto Networks, and Microsoft Security being the primary beneficiaries. The competitive risk runs in the opposite direction for point-solution vendors: a SIEM vendor that cannot also offer SOAR and XDR is increasingly vulnerable to displacement by a platform vendor offering the combined capability at lower total cost.

Geographic concentration is unusually high. The US and Israel together absorbed 91% of global cybersecurity venture funding in 2025. Israeli firms, including Check Point, Wiz (acquired by Google for $32 billion), and a cohort of Series A and B-stage startups, punch far above their weight given the country's military intelligence pipeline into the private sector.

Unit Economics

Revenue in cybersecurity is almost entirely subscription-based at the pure-play software vendors. Contract durations for enterprise accounts run 12-36 months, with multi-year deals carrying modest discounts of 5-15% against annual pricing. Average contract values vary by segment: endpoint security at enterprise scale averages $25-40K ACV for mid-market accounts and well over $200K for large enterprise deals. Identity platforms such as CyberArk, with $1.44 billion in ARR and an average customer spending of roughly $72K per year based on Rapid7's comparable account metrics, show the mid-market ceiling before hyperscaler competition enters. Cloud security platforms command $40-75K ACV for mid-market buyers.

Gross margins at the pure-play SaaS vendors run 73-78% on the product subscription line. CyberArk's subscription ARR grew 30% in 2025; its non-GAAP gross margin on product subscriptions runs approximately 75%. Rapid7 reported 74-75% non-GAAP product subscription gross margins in 2025. Managed Detection and Response (MDR) services, where human analysts do the monitoring, carry 50-60% gross margins, a function of the labour intensity. The weighted average blended margin at vendors with large professional services practices falls to 65-70%, and this is the line that separates the high-multiple SaaS operators from the services-heavy platforms.

R&D spend runs 25-35% of revenue at growth-stage vendors, roughly 5-10 percentage points above the enterprise SaaS average. The threat landscape requires constant product investment: a vulnerability that didn't exist two years ago, post-quantum cryptography, AI agent traffic interception, requires new capabilities. This R&D intensity limits operating leverage in the early scaling phase and is one reason that many cybersecurity companies report GAAP operating losses well into maturity.

Free cash flow conversion is the metric that separates the genuine compounders. CrowdStrike, Zscaler, and Palo Alto Networks all generate strong free cash flow against their non-GAAP earnings because of the deferred revenue dynamics of annual prepayment contracts. Customers who pay 12 months upfront create a cash collection timing advantage that is not reflected in reported GAAP revenue. Net new ARR, the net change in annualised recurring revenue over a period, is the leading indicator that the market watches most closely for these platforms.

Annual Recurring Revenue (ARR). The annualised value of active subscription contracts at period end. ARR is the primary sizing metric for platform vendors and is what acquisition valuations are anchored to. CyberArk ended 2025 at $1.44 billion ARR, growing 23%. CrowdStrike guided FY2026 to approximately $4.8 billion.

Net Revenue Retention (NRR). The percentage of ARR from existing customers retained and expanded over a 12-month period. NRR above 120% signals a healthy land-and-expand motion. NRR below 110% typically indicates a product breadth problem or pricing pressure from platform competition. CrowdStrike and Zscaler have historically reported NRR above 120%.

Gross Revenue Retention (GRR). The percentage of ARR retained from existing customers before expansion revenue. GRR below 90% indicates material churn, which compounds destructively in a subscription model. The security sector norm for GRR at enterprise-focused vendors is 90-95%.

Net New ARR. The sequential change in ARR. This is the forward-looking number the market prices off. A deceleration in net new ARR often precedes a revenue miss by two to three quarters given the lag between booking and revenue recognition.

Rule of 40. The sum of ARR growth rate and free cash flow margin. Investors use this as a blended efficiency metric. Companies above 40 are considered efficiently scaling; top-quartile cybersecurity platforms score 50-70 on this measure. At Q4 2025, CrowdStrike's Rule of 40 score sat above 50.

CAC Payback Period. The months required for new ARR to cover customer acquisition costs. Median for cybersecurity SaaS is roughly 20 months; top-quartile efficiency is 12 months or below. Companies with CAC payback above 24 months are consuming capital to fund growth at rates that make the economics fragile in a slower funding environment.

EV/NTM Revenue Multiple. The market's pricing of forward revenue. Cloud-native security platforms traded at approximately 13.9x NTM revenue in late 2025. Network security vendors, dragged by hardware refresh cycles, traded closer to 5.8x. Identity platforms sat around 10.5x. The dispersion reflects both growth rate differentials and the market's view on which business models have durable pricing power.

Key Players

The global cybersecurity market has three or four companies that are structurally dominant, a cohort of twelve to fifteen meaningful mid-size specialists, and several hundred venture-backed companies at various stages of building or pivoting. Public companies are US-listed by the large majority. Israel is the primary source of private company innovation and disproportionately supplies the M&A pipeline for US strategics and PE.

Tier 1: Global Platform Leaders

Microsoft Security generates an estimated $20-37 billion in annual security revenue, making it by far the largest cybersecurity vendor globally, though the exact figure depends on how Microsoft allocates revenue across its bundled M365 and Azure products. Its competitive position rests on distribution, not on best-of-breed product leadership: enterprises running Microsoft 365 can activate Defender for Endpoint, Sentinel SIEM, and Entra identity management at marginal cost, making Microsoft the rational incumbent vendor for price-sensitive buyers. The strategic risk for pure-play competitors is that Microsoft's bundle pricing compresses ASP across the industry.

Palo Alto Networks generated $9.9 billion in FY2025 revenue growing 15.4%, with its next-generation security ARR reaching $5.9 billion at 29% growth. It leads six or more Gartner Magic Quadrant categories simultaneously, covering network firewall, SASE, cloud-native application protection (CNAPP), XDR, and SIEM. Its platformisation strategy, signing large enterprises to consolidated multi-product deals that displace multiple point vendors, is the most advanced execution of the consolidation thesis among pure-play operators. Its $25 billion acquisition of CyberArk, closed in early 2026, extended its reach into privileged access management.

CrowdStrike reported $4.8 billion in ARR for FY2025 at 23% growth, serving over 29,000 customers across 230 countries. The Falcon platform deploys a single lightweight agent and delivers 22 modules including endpoint detection, identity threat detection, cloud workload protection, and threat intelligence. The July 2024 Faulty Falcon sensor update caused a global IT outage affecting 8.5 million Windows devices, the largest in IT history, and cost the company approximately $30 million in customer credits. The fact that CrowdStrike retained the vast majority of its customer base is the strongest empirical test of enterprise switching costs in the sector's history.

Tier 2: Specialist and Category Leaders

Zscaler operates the cloud-native Zero Trust Exchange, a SASE and ZTNA platform that routes enterprise internet traffic through its own global network rather than through a corporate data centre. ARR reached $3 billion at 22% growth in FY2025. The company competes directly with Palo Alto Networks and Cisco in the SASE category. Its architectural argument, that the concept of a corporate network perimeter is obsolete and that security must be delivered at the identity and application layer, is now consensus but was contrarian when founder Jay Chaudhry launched the product in 2007.

Fortinet generated approximately $6 billion in FY2025 revenue and holds a 28.4% share of the network security appliance market, the largest share in the category, per Omdia. Its FortiGate firewall franchise dominates mid-market and OT security. With 25% of its installed base due for hardware refresh over the next two years, Fortinet has an unusually well-telegraphed revenue cycle. The bear case is that SASE adoption eats into hardware firewall volumes faster than the refresh cycle compensates.

Okta is the standalone identity and access management leader outside of Microsoft's ecosystem. The company processes 100 billion identity authentications monthly across its Workforce Identity and Customer Identity platforms. Its core vulnerability is Microsoft Entra, which bundles comparable IAM functionality for Microsoft-stack enterprises at effectively zero marginal cost. Okta's durable edge is in heterogeneous environments and in the customer identity (CIAM) market where Microsoft does not compete directly.

Check Point Software, founded in 1993, generates approximately $2.5 billion in annual revenue and has historically prioritised profitability over growth, operating at non-GAAP operating margins above 40%. It is the original inventor of the stateful firewall. The stock trades at a discount to growth peers, which is the correct pricing for a company growing mid-single digits in a double-digit growth market, and is typically the short side of the long/short trade within cybersecurity.

Tier 3: Private and Emerging Players

Wiz, acquired by Google for $32 billion in 2025 (the largest cybersecurity acquisition in history), reached approximately $500 million in ARR from a standing start in 2020, making it the fastest-growing enterprise software company on record. Its CNAPP product mapped cloud misconfigurations and attack paths in multi-cloud environments with minimal deployment friction. The acquisition valuation implies roughly 64x ARR, a figure that functions as the strategic ceiling for best-in-class cloud security assets.

Illumio focuses on micro-segmentation, a zero-trust architecture that limits lateral movement within an enterprise network once an attacker has breached the perimeter. The company was valued at approximately $2.75 billion in its last private round and serves financial services and healthcare customers where ransomware containment is a board-level mandate. It is the category leader in a niche where the incumbent vendors (Palo Alto, CrowdStrike) have not yet built a compelling alternative.

SentinelOne is the primary public-market challenger to CrowdStrike in the EDR/XDR segment. Revenue grew 22% in FY2025 to approximately $1 billion ARR. It competes on AI-native architecture claims and has the most aggressive AI marketing position in the sector. Its key financial challenge is that it generates lower gross margins than CrowdStrike and has not yet demonstrated the operational leverage trajectory that would justify trading at a premium to the category leader.

The multiple dispersion between CrowdStrike at 15-18x NTM revenue and Check Point at 7-8x reflects not just growth rate differentials but architecture quality: cloud-native platforms with multi-module expansion economics trade at a structural premium to single-product or hardware-centric operators.

The Expert Map: Who Knows What

Cybersecurity is a sector where the expert with the best credentials often has the narrowest view. A CISO at a Fortune 500 company knows what their organisation buys and why, but has limited visibility into competitor win rates, vendor pricing dynamics, or R&D roadmap direction. A VP of Sales at CrowdStrike knows pipeline and pricing pressure but cannot speak to the customer's internal security posture. Triangulating the investment thesis requires building a deliberately diverse call list. The profiles below cover the primary expert types and what each one genuinely knows.

CISO at a large enterprise (financial services, healthcare, or government) These executives have the budget authority and the complete picture of the vendor selection process. They know which vendors they evaluated, why they chose or rejected them, and what their renewal conversations look like. What they cannot tell you is how the vendor prices deals at competitor accounts or what the vendor's product roadmap contains beyond what sales told them. They are the best source for understanding the actual purchase decision dynamics and the language of the sales process. Open with: "When did you last run a formal vendor review, and what triggered it?"

VP of Sales or Regional Sales Director at a Tier 1 cybersecurity vendor Sales leaders at CrowdStrike, Palo Alto, Zscaler, or Fortinet have real-time visibility into pipeline strength, deal velocity, and competitive displacement rates. They know whether customers are expanding modules or consolidating contracts, and they know which competitors they are winning against and on what terms. What they will not tell you directly: discount rates and the internal pipeline coverage they are reporting to their CFO. Open with: "Which competitor are you spending the most time positioning against right now, and what's the objection you keep hearing?"

Channel Partner Manager or MSSP Principal The managed security service provider is the intermediary between vendor and customer for roughly two-thirds of enterprise security programmes. An MSSP that resells CrowdStrike, Palo Alto, and Microsoft Security sees the buying behaviour of hundreds of customers simultaneously, giving them visibility into relative win rates, renewal stress, and product satisfaction that no single vendor's sales team possesses. They also know which vendor is discounting aggressively to defend share. Open with: "Which vendor are your clients asking you about most when they're considering a change, and in which direction is that conversation usually going?"

Former Director of Product at a cybersecurity platform vendor Product leaders who have exited within the last 18 months have the roadmap detail that external investors never see. They know which features were descoped, which customer complaints were systemic, and whether the ML models behind the product actually outperform the marketing. What they typically lack is commercial awareness: they rarely have visibility into deal sizes, win rates, or the pricing dynamics that sales manages separately from product. Open with: "Which use case did your platform solve reliably in production, and which one did it struggle with that customers rarely mentioned publicly?"

Head of Procurement / Technology Category Manager at a large enterprise Procurement leaders run the vendor review and know the true price after negotiation, which bears no resemblance to list pricing. They can speak to which vendors are defending price in renewals and which are folding under pressure. They know which vendors have switched from perpetual to subscription licensing and what resistance they encountered. Open with: "In your last cybersecurity procurement cycle, which vendor surprised you most on pricing, and was it in a positive or negative direction?"

Threat Intelligence Analyst at a government agency or financial sector CERT Analysts who work inside the financial sector's information sharing bodies or government cybersecurity agencies have visibility into the threat actor landscape that no commercial vendor possesses in full. They know which attack vectors are being trialled against critical infrastructure before they show up in vendor marketing materials. They typically have no commercial awareness and can be surprisingly candid about which vendor tools they find genuinely useful in incident response. Open with: "Which attack type is consuming the most of your analytical bandwidth right now that hasn't made it into public threat reports yet?"

Private Equity Operating Partner, post-cybersecurity platform acquisition PE firms that have acquired and scaled a cybersecurity platform, Thoma Bravo being the most active acquirer in the space, develop deep operational knowledge of the cost structure, customer retention mechanics, and sales productivity benchmarks that public companies do not disclose. Operating partners who worked on Imperva, Sophos, Proofpoint, or similar platforms can speak to what the P&L actually looks like from the inside. Open with: "What was the biggest surprise in the cost structure when you got into the financials post-acquisition?"

Early-Stage Founder or CTO at an AI-native cybersecurity startup The founder cohort building AI-native detection, identity verification, or autonomous response tools knows what the existing platforms cannot do. They are building into the gaps that incumbent platforms have not solved and can articulate those gaps with technical precision. The caution: they have an obvious commercial interest in arguing the incumbents are broken. Use them for product education and gap identification, not for competitive assessments. Open with: "Which specific capability gap in CrowdStrike or Palo Alto's platform convinced you there was a market for what you're building?"

Expert sourcing in cybersecurity is complicated by the NDA culture across the sector and the fact that many of the most valuable executives have vendor stock options or consulting relationships that constrain what they will say on record. Response rates for outbound sourcing of active CISOs are low: a 10-15% response rate on cold outreach is standard. The experts who respond immediately and are immediately enthusiastic are typically the ones with something to sell. The most credible experts in this sector usually require warm introductions, which is why the depth of a primary research provider's network, not just their database size, is the differentiating variable.

The Question Bank

The questions below are what experienced analysts ask when they want the answer that is not in the 10-K or the investor day transcript. They are organised by theme. The sequence matters: build rapport on structural questions, then move into the commercial dynamics, and leave the bluntest questions for the final third of the call when trust has been established.

Demand and Budget Dynamics

1. "Has your cybersecurity budget grown, shrunk, or stayed flat over the last 12 months, and what's the story behind that movement?"
2. "When you had to make cuts, which category took the first hit, and which one did you treat as untouchable?"
3. "Is your security spending being driven by compliance requirements, actual threat incidents, or board anxiety, and has that mix changed?"
4. "Which vendor are you paying for that you're not fully utilising, and why haven't you cancelled it yet?"

The signal here is the gap between the growth rate the market assumes and the actual budget environment at the customer level. IANS Research data from 2025 showed average security budget growth dropping to 4%, down from 8% in 2024. If you are hearing the same from CISOs, it creates a meaningful revenue revision risk for vendors guiding to double-digit growth.

Vendor Consolidation and Platform Switching

1. "How many security vendors are you actively managing right now, and what's your target number in two years?"
2. "Which single-point solution did you eliminate in the last 12 months, and who replaced it?"
3. "Have you had a multi-year platform consolidation proposal from CrowdStrike, Palo Alto, or Microsoft? How was it received internally?"
4. "What would it take for you to move your endpoint protection to Microsoft Defender at zero marginal cost? What's the objection?"

This is the most important question cluster for investors who are trying to understand which vendors win the consolidation trade and which lose it. Nearly 70% of CISOs are actively consolidating, per IANS 2025 data. The question is which platforms they are consolidating onto, and what the losers are.

Pricing and Renewal Dynamics

1. "What did your last renewal conversation look like? Did the vendor defend price, or did they fold?"
2. "What's the actual per-seat cost you pay for your primary endpoint platform versus what they advertise?"
3. "Which vendor is pricing most aggressively right now on new logos? Is that buying you confidence or making you nervous about their revenue quality?"
4. "Have you seen pricing pressure from Microsoft bundling security into M365 E5? Has it actually moved money?"

Pricing dynamics are the most direct leading indicator of whether the sector's NRR figures are durable. A vendor that is discounting aggressively to retain customers is reporting good ARR metrics today while building a margin compression problem for the next two to three years.

Competitive and Product Intelligence

1. "Which cybersecurity vendor's product has most improved in the last 18 months, and what specifically changed?"
2. "Which vendor has disappointed you operationally, separate from sales and pricing?"
3. "Has AI actually made your security tools meaningfully better in the last year, or is it mostly marketing?"
4. "Which vendor's roadmap are you most concerned about, and is your concern about the technology or the company?"

Zero Trust and Architecture Shift

1. "How far along are you in an actual zero trust implementation, and what's blocking the rest?"
2. "Is SASE replacing your hardware firewall estate, or sitting alongside it?"
3. "Which identity vendors are you using for privileged access management, and are you happy with the answer?"
4. "What does your ZTNA rollout tell you about which of the big platform vendors has the most credible zero trust product?"

AI and Emerging Threats

1. "Has AI changed the volume or sophistication of attacks you are actually seeing, or is that still mostly vendor marketing?"
2. "Are you spending money specifically to secure your AI deployments, and if so, with which vendor?"
3. "Which attack vector is consuming disproportionate SOC analyst time right now that is not getting much public coverage?"
4. "What does your response plan for a nation-state actor look like, and has it changed in the last two years?"

Build from structural to commercial, and from commercial to blunt. The last 10 minutes of a well-run call, when the expert has relaxed, is where the most useful material typically surfaces. The question about which vendor they are most concerned about, asked after 45 minutes of rapport-building, yields answers that could not be extracted in the first five minutes regardless of how it was phrased.

What to Read

For primary source research on attack trends and threat intelligence, Mandiant's annual M-Trends report and CrowdStrike's Global Threat Report are the most operationally grounded; both draw on live incident response data rather than survey methodology, and both are free. Gartner's Magic Quadrant series for SASE, endpoint protection, and SIEM is worth reading for competitive positioning, though analysts should understand that Magic Quadrant placement reflects product capability and vendor viability assessments, not share data or customer satisfaction.

For financial benchmarking, the IANS Research/Artico Search Annual CISO Budget Benchmark, published each September, is the most rigorous primary data source on enterprise security spending patterns. The 2025 edition is drawn from 628 CISOs and covers software allocation by category, platform consolidation trends, and MSSP adoption rates. Return on Security's annual State of the Cybersecurity Market report tracks funding and M&A in granular detail with a good filter on hype versus capital allocation.

On the sell-side, First Analysis publishes a detailed annual cybersecurity revenue and growth benchmarking study that is worth reading for cross-company comparisons. Omdia produces market share data by segment, including the network security appliance market share breakdown referenced in this primer.

For the regulatory framework shaping European spending, the NIS2 Directive text and DORA's technical standards, both now in enforcement, are the primary sources. The EU Agency for Cybersecurity (ENISA) publishes an annual Threat Landscape report that is useful context for understanding which categories regulators consider underinvested.

How Woozle Can Help

Woozle has run expert calls, channel checks, and CISO surveys across the cybersecurity sector for long/short equity funds, specialist technology pods, and PE deal teams evaluating platform acquisitions. Our network in this space includes active and former CISOs at regulated enterprises, VP-level sales and channel executives at Tier 1 vendors, MSSP principals with multi-vendor visibility, product and engineering leaders who have recently exited, and procurement specialists across financial services, healthcare, and public sector. Research is typically delivered within 24-48 hours of instruction, fully managed from expert identification through to call facilitation and transcript delivery.

To run primary research on cybersecurity or any adjacent technology sector, get in touch.

The data centre and AI infrastructure sector is the physical layer on which the global AI economy runs. These are the facilities, power systems, cooling infrastructure, and compute hardware that make it possible for hyperscalers, AI labs, and enterprises to train models and serve inference at scale. For most of the last decade, data centres were a slow-moving, yield-oriented corner of real estate. The AI buildout has turned them into one of the most intensely watched infrastructure categories in global markets, combining capital intensity, geopolitical stakes, energy grid constraints, and a rate of technological change that makes the economics genuinely difficult to predict.

This primer covers how the industry is structured, where the money sits, how players across the value chain make their returns, who the relevant experts are, and the questions that produce genuine insight on an expert call. Woozle has run primary research programmes for long/short equity funds, specialist tech-focused pods, and PE deal teams across data centre operators, power infrastructure providers, and AI compute supply chains.

What Is Data Centre and AI Infrastructure?

A data centre is a facility built to house servers, networking equipment, and storage at high density, with guaranteed power, cooling, physical security, and network connectivity. The term covers everything from a 500-square-foot edge node to a multi-gigawatt hyperscale campus consuming as much electricity as a small city. AI infrastructure refers specifically to the compute-dense subset of this market: facilities and supply chains designed to support GPU clusters used for model training and inference.

Data centre equipment and infrastructure spending reached $290 billion in 2024, with Alphabet, Microsoft, Amazon, and Meta investing nearly $200 billion between them. The top three hyperscalers alone plan to invest more than $500 billion in capital expenditures for infrastructure supporting AI deployment in fiscal year 2026. These are numbers that reclassify data centres from a niche infrastructure sub-sector into a first-order macroeconomic force.

The industry breaks into four structural segments. Hyperscalers (AWS, Microsoft Azure, Google Cloud, Meta) build and operate their own facilities at a scale no one else can match. Colocation providers (Equinix, Digital Realty, Vantage, CyrusOne, Iron Mountain) own the facilities and lease power-plus-space to tenants who bring their own hardware. Neoclouds (CoreWeave, Lambda Labs, Nebius, Nscale) are a newer category: they acquire GPU hardware, typically Nvidia H100s, H200s, and GB200s, and rent compute capacity by the hour to AI developers and enterprises who cannot secure sufficient GPU supply from the hyperscalers. Power and cooling infrastructure suppliers (Vertiv, Schneider Electric, Eaton, ABB) sell the critical physical infrastructure that makes any of these facilities function.

The margin concentration within this stack is counterintuitive. The companies with the smallest public profile — the Vertivs and Schneider Electrics of the world — often sit in a more defensible position than the operators above them. Power distribution, cooling systems, and UPS infrastructure represent under 10% of total data centre cost but are the items with the longest lead times and highest switching costs. The colocation operators capturing hyperscale demand are generating EBITDA margins above 50% at the best-positioned players, funded by 10-to-15-year leases signed before a single rack goes live.

Why Are Investors Looking At This?

The structural driver is not subtle. Traditional data centres operate at 10-15 kW per rack. AI workloads demand 40-250 kW per rack. This is not an incremental upgrade to existing infrastructure. It is a full redesign of the facility layer, requiring new power architectures, liquid cooling systems, and site selection criteria centred on grid access rather than real estate convenience. Every Nvidia GB200 NVL72 rack draws approximately 120 kW. The incumbent infrastructure estate was built for a world where racks drew 5 kW. Retrofitting or replacing that estate is a decade-long capital programme, and investors who own the right assets in the right locations for the right duration stand to compound through it.

The return profile varies sharply by segment. Colocation REITs like Equinix and Digital Realty trade on adjusted EBITDA multiples and AFFO yields, reflecting the long-lease, asset-heavy nature of the business. Equinix sustains a 51% EBITDA margin on top of a network effects moat built around interconnection: its facilities host the physical meeting point between cloud providers, carriers, and enterprises, which creates a switching cost that pure wholesale players do not have. Neoclouds trade on revenue multiples and contracted backlog, with investors pricing in whether GPU commodity pricing erodes unit economics before the hyperscaler capex cycle slows. Power infrastructure suppliers trade on order backlogs and book-to-bill ratios, with Vertiv's $8.5 billion backlog and 1.2x book-to-bill serving as a frequently cited leading indicator for the broader sector.

The live debate is a genuine bull/bear standoff. Goldman Sachs's baseline model implies $765 billion in annual AI capex in 2026, growing to $1.6 trillion by 2031. Investors who are long argue that demand is structural, not cyclical: every new AI model generation consumes more compute, inference workloads scale with adoption, and lead times on power and cooling equipment mean supply cannot catch up for years. Those who are cautious point to customer concentration risk — CoreWeave generated 62% of its revenue from Microsoft at IPO — the possibility of model efficiency gains reducing compute intensity, and the precedent of the late 1990s telecom buildout as a reference for infrastructure euphoria ending badly. H100 rental rates have already declined 60-75% from their peak.

The more recent complication is on the supply side of supply: the power grid itself. High-voltage transformer lead times, which ran 24-30 months pre-2020, now stretch to five years. Projects that exist on paper and in press releases are not the same as projects that will come online on schedule. This is the variable repricing the sector in real time.

The unit economics of this sector look different depending on which layer of the stack you are analysing. The colocation REIT model and the neocloud model are not the same business, do not face the same risks, and should not trade at comparable multiples — yet the market has periodically conflated them. The expert map below identifies the job titles with actual line-of-sight on the metrics that drive each model, and the question bank draws out the answers that filings and earnings calls consistently do not give.

How the Industry Actually Works

The Business Model

Colocation operators generate revenue through a modified gross lease structure priced in dollars per kilowatt per month. The customer commits to a power allotment for a contract term. Electricity costs are passed through separately as a variable charge on top of the base rate. The US wholesale market averaged $195.94 per kW per month for 250-500 kW deployments in H2 2025, a 6.5% year-over-year increase, with larger deployments of 10 MW or more seeing rates rise by up to 19% as vacancy fell to a record-low 1.6%.

Contract structure varies by customer size. Retail colocation, covering 1-50 racks, runs month-to-month or on one-to-three year terms. Wholesale deployments, starting at 250 kW, run three to seven years. Hyperscale deployments at 4 MW and above are typically 10-to-15-year commitments with annual escalators of 2.5-5% built in. The escalator is frequently invisible in analyst models but compounds significantly over the lease term. The customer who locked in capacity at $120/kW-month in 2021 is paying less than half what a new entrant would pay in the same market today.

Neoclouds operate a fundamentally different model. They borrow to buy GPU hardware, lease facility space from colocation providers, and sell GPU-hours to AI developers. As of late 2025, H100 instances on CoreWeave were priced at approximately $2.49 per hour at the low end, significantly below Azure and GCP list pricing for equivalent configurations. The economics turn on utilisation: a GPU cluster at 80% utilisation is a good business. One running at 50% is not.

The Value Chain

The value chain runs from land and grid access through facility construction, power and cooling infrastructure, hardware procurement, and compute delivery to the end customer.

Land and power rights sit at the top of the value chain and are the scarcest input. Grid interconnection queues in the US PJM territory now average eight years from application to commercial operation. Sites with existing grid access and substation capacity command a structural premium that no amount of capital can easily replicate. Operators who control these sites locked in optionality years ago; developers announcing new campuses today are largely competing for the same constrained pool of energisable land.

Facility construction costs have risen sharply. JLL estimated US construction costs at $10.7 million per MW in 2025, up from roughly $7-8 million in 2022. The primary drivers are power and cooling infrastructure costs, not civil construction. Transformer lead times of three to five years mean developers who did not pre-purchase critical equipment in 2022 or 2023 are facing delivery schedules that push meaningful capacity well into 2027 and beyond.

Power and cooling suppliers occupy a structurally advantaged position in the chain. Vertiv posted 35% revenue growth in Q2 2025, with a backlog of $8.5 billion and a book-to-bill ratio of approximately 1.2x. Schneider Electric disclosed that data centres made up 24% of its incoming orders in 2025. These businesses carry 18-to-36-month delivery backlogs, meaning their revenue visibility is better than almost any other company in the supply chain.

The Competitive Dynamic

Scale and power access define the competitive pecking order in colocation. Operators with signed offtake agreements from investment-grade hyperscalers can finance construction at lower cost of capital than anyone else in the market. The hyperscalers' credit rating becomes, in effect, a funding mechanism for the colocation provider. Operators without that anchor tenancy are competing on price in a market where the best sites are already committed.

Within the neocloud segment, the competitive dynamic is less settled. The segment was built on a premise — that hyperscalers could not deliver sufficient GPU capacity to meet AI demand — that is weakening as hyperscaler buildouts accelerate. The question is whether neoclouds can develop software differentiation, proprietary interconnect performance, or specialist vertical positioning to sustain margins as commodity GPU pricing normalises.

Interconnection is Equinix's specific moat and is frequently misunderstood. Wholesale REITs are renting megawatts. Equinix is renting megawatts plus the network meeting room where tenants connect to clouds, carriers, and each other. That interconnection layer generates higher margins than raw colocation and creates switching costs that persist even when the tenant grows large enough to build their own facility elsewhere.

Unit Economics

Revenue is built on committed power capacity. A 100 MW colocation campus at $190/kW-month generates approximately $228 million in annual base revenue before electricity pass-through. Power costs are passed through directly and are margin-neutral; what the operator is selling is the reliability, redundancy, and connectivity of the facility itself. At 95%+ committed utilisation — the current market norm in tier-one US markets — that base revenue is highly visible.

Gross margins in this sector require careful definition. Equinix operates at approximately 51% adjusted EBITDA margins, reflecting the interconnection premium and the fact that electricity pass-through does not inflate the revenue base. Digital Realty, more wholesale-oriented with less interconnection revenue, runs closer to 40-45% adjusted EBITDA. Vantage, Applied Digital, and other build-to-suit specialists targeting pure hyperscale leases operate at lower margins still — they are essentially providing power-ready shell space rather than the managed, interconnected environment that commands premium pricing.

Capital intensity is the defining financial characteristic of this sector. Construction costs of $10-12 million per MW mean a 500 MW campus requires $5-6 billion of upfront capital before a single tenant pays rent. Returns on that capital depend on contract duration, pricing per kW, and cost of debt. At 15-year lease terms and investment-grade counterparty credit, the asset finances well. At five-year terms with AI startups as counterparties, lenders demand significantly more protection.

Cash flow generation is strong relative to reported earnings, because depreciation of long-lived assets (20-30 year economic lives) runs well above maintenance capex needs. This is why the sector uses AFFO as the primary cash return metric. Equinix's AFFO grew 12% in Q1 2026 to $1.065 billion on a revenue base of $2.44 billion.

The key financial KPIs that experienced investors track:

Power Usage Effectiveness (PUE). Total facility energy consumption divided by IT equipment energy consumption. Best-in-class AI facilities with liquid cooling run 1.02-1.15; industry average is closer to 1.5. Every 0.1 improvement in PUE on a 100 MW campus saves approximately $3-5 million in annual energy cost depending on local tariffs.

Book-to-bill ratio. New orders signed in the period divided by revenue delivered. Vertiv's 1.2x reading is the most widely watched leading indicator in the power infrastructure segment. A sustained reading above 1.0 signals growing backlog.

Contracted backlog. Total contracted but undelivered revenue. For colocation operators, this is the most reliable forward revenue indicator. Digital Realty's backlog, disclosed each quarter, is one of the first numbers sophisticated analysts check against the prior quarter.

$/kW-month lease rate. The headline pricing metric, tracked by CBRE and Cushman and Wakefield for primary markets each half-year. Investors use rate trends across markets to assess supply tightness and pricing power.

Committed utilisation. The percentage of available powered capacity under signed lease. Primary US markets are running at 98%+ committed in many sub-markets, which is what drives the rate increases above.

Annualised gross bookings. Used by Equinix to describe the annualised contract value of new leases signed in a period. Its record $378 million in Q1 2026 was the primary signal that AI inference demand is translating into real colocation demand, not just hyperscaler owned-and-operated additions.

Interconnection revenue share. The percentage of total revenue derived from cross-connects and network interconnection services. Higher is better from a margin perspective and signals network density. Equinix's share is structurally higher than any peer and is the single metric that most clearly separates its business model from wholesale competitors.

Key Players

The market splits cleanly into the four layers of the value chain, each with distinct competitive dynamics and financial profiles.

Hyperscalers — AWS, Microsoft Azure, Google Cloud, and Meta — dominate demand. They simultaneously build their own facilities, lease from colocation providers, and purchase GPU compute from neoclouds when their own infrastructure cannot keep pace with model training demand. Hyperscalers operated 1,360 large data centres globally by end of 2025, nearly triple the amount from 2018. Microsoft committed $80 billion in data centre capital in FY2025 alone.

Equinix is the largest colocation operator globally by revenue, generating $2.44 billion in Q1 2026 on 270 data centres across 36 countries. Its competitive position rests on the interconnection layer — the physical and virtual peering infrastructure that makes its facilities network hubs rather than mere hosting venues. Adjusted EBITDA reached a record 51% margin in Q1 2026, with AFFO growing 12%.

Digital Realty operates 300-plus facilities globally, generating $1.6 billion per quarter in revenue at approximately 40-45% EBITDA margins. It is more wholesale-oriented than Equinix, with a larger proportion of revenue from large-block hyperscale leases. Vantage Data Centers has built approximately 2.6 GW of global capacity through build-to-suit hyperscale campuses. Applied Digital signed a $7.5 billion Delta Forge 1 hyperscaler deal in April 2026. CyrusOne, taken private by KKR and Global Infrastructure Partners, focuses on wholesale enterprise and cloud-adjacent deployments.

CoreWeave is the most prominent neocloud globally, operating 43 data centres with approximately 250,000 GPUs, growing from $16 million in revenue in 2022 to $1.9 billion in 2024 before its March 2025 IPO. Lambda Labs, Nebius, and Nscale occupy the next tier, each targeting different customer profiles: Lambda targeting developers and academic research, Nebius targeting enterprise AI in Europe, and Nscale positioning around long-term hyperscaler offtake agreements.

Vertiv and Schneider Electric dominate the market for critical power and cooling infrastructure. Vertiv's 360AI platform supports rack densities to 100 kW with integrated busway, coolant distribution, and leak detection. Schneider Electric competes across UPS systems, modular data centre architecture, and power management software. Eaton and ABB compete in switchgear, UPS, and medium-voltage distribution. These businesses carry 18-to-36-month backlog coverage and operate at EBITDA margins in the 15-25% range — lower than the colocation operators but with more stable demand visibility and less capex intensity.

The least-covered segment but arguably the most structurally constrained sits in transformer and switchgear manufacturing. Substation transformer lead times stretched from roughly 140 weeks in 2023 to more than 160 weeks in 2026, with annual demand expected to rise from 1,500 units to more than 9,000 by 2030. Hitachi Energy, Eaton, ABB, TBEA, and China XD Group are the primary players in a market where being in the procurement queue early is the only competitive advantage that matters.

The Expert Map: Who Knows What

No single call covers this sector. The hyperscale buildout, the colocation lease market, the neocloud GPU economics, and the power infrastructure supply chain are four separate research programmes. Triangulating across them produces a materially more accurate picture than any individual expert can provide alone.

VP of Real Estate or VP of Site Acquisition at a hyperscaler. These individuals control the site selection function for hyperscaler campus development. They know which markets the company is prioritising, what power capacity is being actively pursued, and how far into the future the development pipeline extends. They do not know the financial model for compute economics or commercial cloud product terms. Best used early in thesis construction to understand where demand is heading geographically before it becomes public. Open with: "What changed about your site selection criteria in the last 18 months, and which markets got removed from your priority list?"

Head of Power Development or Energy Procurement Director at a hyperscaler or large colocation operator. The person responsible for securing grid capacity, negotiating power purchase agreements, and managing grid interconnection queues has direct line-of-sight on the single most constrained input in the buildout. They know which markets are actually deliverable on what timelines, as opposed to what gets announced. Best used to interrogate the credibility of announced delivery timelines. Open with: "Of the sites your company has announced in the last two years, how many have a signed utility agreement in place for the power needed?"

Data Centre General Manager or Campus Operations VP at a colocation operator. Site-level operators know actual utilisation, the real status of current build programmes, customer satisfaction and renewal intent, and the operational detail that never makes quarterly filings. Best used for competitive intelligence on specific markets. Open with: "Which competitor did you last lose a meaningful renewal to, and why?"

Director of Infrastructure or Head of AI Compute at an AI lab or large enterprise. These individuals make or influence the buy decision for GPU compute capacity. They know what their capacity pipeline looks like, which providers are performing on SLAs, and where they are likely to commit new spend. Best used to validate or challenge the demand assumptions embedded in neocloud and colocation operator bull cases. Open with: "What constraint is actually limiting how fast you can scale your compute right now?"

VP of Sales or Enterprise Account Director at a neocloud. Sales leaders at CoreWeave, Nebius, or Lambda Labs have direct visibility into pipeline, close rates, customer negotiation dynamics, and competitive pressure from the hyperscalers. They know which customer segments are sticky versus commoditising. Best used to assess demand quality and competitive dynamics between neoclouds and the Big Three clouds. Open with: "What objection do you hear most often from customers who were interested but went somewhere else?"

Supply Chain Director or Procurement VP at a power infrastructure supplier (Vertiv, Schneider, Eaton). This expert has direct knowledge of order intake, delivery timelines, customer concentration, and competitive dynamics in the most constrained part of the supply chain. They know which transformer or switchgear categories are most supply-constrained and which customers are pulling orders forward versus pushing them out. Best used to validate the credibility of infrastructure delivery timelines. Open with: "Which product line has the longest current lead time, and what would need to change for that to improve?"

Former CFO or Finance Director at a colocation REIT (12-24 months post-departure). Ex-CFOs have the most complete picture of how the financial model actually works in practice: the gap between headline EBITDA and distributable cash, the real cost of development capital relative to what gets disclosed, and the operational cost lines that are hardest to control. Recency matters — knowledge from three or more years ago misses the AI repricing of the market entirely. Open with: "When you were running the numbers internally, what was the gap between what the model said and what the business actually did?"

Grid Interconnection Consultant or Transmission Planner at a utility advisory firm. These individuals work on interconnection studies for specific proposed data centre projects, see the queue in real time, and can describe which projects are likely to receive grid capacity and on what timeline. Best used to challenge or validate publicly announced delivery timelines for specific markets. Open with: "Of the projects in the PJM queue right now related to data centres, what percentage do you expect to reach commercial operation within their announced timelines?"

Real Estate Investment Manager at a fund with data centre exposure. Infrastructure and real estate fund managers who own data centre assets have a portfolio-level view of returns: what deals were structured at, how performance has deviated from underwriting, and how the secondary market for data centre assets is developing. Best used for perspective on capital market dynamics and the gap between public market pricing and private transaction values. Open with: "What assumptions in your original underwriting have turned out to be most wrong, and in which direction?"

Expert sourcing in this sector is genuinely difficult. Former hyperscaler executives who have recently left are the highest-value and scarcest category; compliance functions at their former employers often restrict them from discussing specific data. Neocloud sales and operations people are more accessible but require careful screening: the sector has attracted a large number of people with thin operational backgrounds and strong opinions. The difference between a person who managed a GPU cluster and one who managed the financial model and customer contracts for a neocloud is the difference between an operational view and an investment-relevant view. Woozle pre-screens for the latter.

The Question Bank

A good data centre expert call earns its value in the second half. The first twenty minutes establish credibility and context. The next twenty pull on the threads that earnings calls never address. The questions below are organised by investment theme rather than by expert type, because the most useful signals come from cross-referencing answers across multiple expert categories against each other.

Demand Quality and Customer Concentration

1. Of the capacity you have committed in the last twelve months, how much was signed with tenants who have been customers for more than three years versus first-time customers?
2. What percentage of your signed bookings come from customers who are currently using less than 50% of their committed capacity?
3. If your single largest customer reduced their contracted footprint by 30%, how long would it take you to re-lease that capacity at current market rates?
4. Are you seeing any customers try to renegotiate signed leases on terms that are not in the contract?
5. Which customer type is growing fastest right now: hyperscalers building AI training clusters, enterprise inference deployments, or something else?

What you are listening for: signs that demand is committed versus optioned, and the degree to which customer concentration creates event risk that does not appear in backlog metrics.

Power and Delivery Timeline Credibility

1. For projects you have announced in the last eighteen months, what percentage have a signed utility agreement in place for the full announced power capacity?
2. What is the current timeline between site selection and the date you can energise the first rack in a new market?
3. Have you had to revise any announced delivery dates in the last six months, and if so, what caused it?
4. How much of your transformer and switchgear procurement for 2026 and 2027 deliveries was placed before 2024?
5. Which markets are you avoiding right now because the grid interconnection timeline is too uncertain to underwrite?

What you are listening for: the gap between what is announced publicly and what is actually deliverable. The transformer procurement question in particular reveals whether the company was operationally sophisticated early or is relying on announced plans with no physical equipment behind them.

Unit Economics and Pricing Dynamics

1. What did you charge for a 10 MW wholesale lease in Northern Virginia twelve months ago versus today?
2. At what renewal rate are you seeing customers who signed at the 2021-2022 pricing floor?
3. What is your actual electricity cost per kW in your top three markets, and how has that changed in the last year?
4. When a customer at lease renewal asks for a lower rate because they are committing more capacity, how far are you actually moving on price?
5. Which cost line is most exposed to inflation that you cannot pass through to customers?

Competitive Dynamics and Market Share

1. Which competitor did you lose your most recent meaningful deal to, and what was the deciding factor?
2. Are you seeing any new entrants in your core markets pricing below your current rate, and where are they getting the capital to build?
3. When hyperscalers tell you they are building their own facility rather than leasing from you, what is actually driving that decision?
4. In the neocloud market, which GPU generation transition caused the most operational disruption, and who handled it best?
5. What does a customer have to be willing to accept to lease from a new entrant rather than from an established operator?

Technology Transition Risk

1. When your largest hyperscaler tenant upgrades from H100 to GB200 infrastructure, what changes in the facility requirement?
2. How much of your current liquid cooling infrastructure is compatible with the next generation of Nvidia hardware without retrofitting?
3. Are you hearing from customers that their inference workloads are becoming more efficient to run per query, and if so, how is that affecting their capacity planning?
4. What happens to the economics of a neocloud that bought H100s at peak pricing if the market moves to GB200 supply within eighteen months?
5. Which cooling technology transition do you see being forced by hardware roadmaps, and what is the timeline?

The best calls in this sector start with an operational question about something specific and recent, earn enough trust to move to pricing and customer dynamics, and end with the technology transition question that the analyst has been building toward all along. The last ten minutes are usually where the call earns its cost.

What to Read

For ongoing market intelligence, Data Center Dynamics and Data Centre Magazine are the two publications with the deepest operational coverage of the sector, tracking both individual facility announcements and macro trends in power procurement, cooling technology, and lease markets. CBRE and Cushman and Wakefield both publish semi-annual colocation market reports with market-by-market pricing and vacancy data — the authoritative source for the $/kW/month benchmarks that underpin most colocation financial models.

For the power supply chain specifically, Wood Mackenzie's data centre power infrastructure research covers transformer and switchgear demand, supply, and lead time data in more granular form than any other public source. Uptime Institute's annual outage analysis and annual data centre survey track PUE trends, outage costs, and operator sentiment across the global industry.

For hyperscaler capex, the quarterly earnings calls of AWS, Microsoft, Google, and Meta are the single best primary source. Reading them in sequence and tracking the specific language around AI infrastructure commitment, delivery milestones, and capacity additions is more informative than most sell-side synthesis. Goldman Sachs's May 2026 piece on AI capex assumptions is the most rigorous public framework for thinking about the magnitude and duration of the current buildout cycle.

How Woozle Can Help

Woozle has run expert calls, surveys, and channel checks across the data centre and AI infrastructure sector for long/short equity funds, specialist tech and infrastructure pods, and PE deal teams underwriting colocation and neocloud transactions. Our network in this space includes former site selection and power procurement executives from hyperscalers, operations leads and sales directors from colocation operators, supply chain directors from power infrastructure suppliers, and grid interconnection consultants who work directly with utilities on large load applications. Research is typically delivered within 24-48 hours of instruction, fully managed: we source, screen, and moderate so your team spends its time on the call rather than on logistics.

To run primary research on data centres, AI infrastructure, or any adjacent area of the compute stack, get in touch.