Cybersecurity: Resilient Growth and Clear AI Beneficiary

Cybersecurity is an important component of the Darwin, Humboldt, and Beagle portfolios. We often refer to these companies as "mayhem stocks," capable of playing both offense and defense. On offense, the sector is benefiting from secular growth drivers like cloud adoption, AI, and the trend toward tool consolidation, which is enabling durable growth. On defense, cybersecurity has proven to be among the most resilient categories of enterprise IT spend, since protecting against attacks remains essential regardless of macro conditions. 

The Rising Importance of Cybersecurity 

The importance of cybersecurity has never been greater. A confluence of factors, including rising attack volumes, the escalating financial and reputational costs of breaches, and the growing sophistication of threats, has elevated cybersecurity from a back-office IT function to a primary business risk. This trend is now being accelerated by generative AI, which gives malicious actors powerful tools to automate attacks, create convincing deepfakes, and evade traditional defenses. 

In an IMF report from 2024, it’s estimated that malicious cyber incidents have grown roughly 6x from 2010 to 2023. Additionally, the cost of a breach in the US reached an all-time high, growing 9% year-over-year in 2024 to $10.2M. 

As a result, cybersecurity has become a boardroom-level imperative and one of the most durable areas of enterprise spending. The overall market is expected to grow at a nearly 12% compound annual growth rate (CAGR) through 2028, reaching a $377 billion market size according to IDC. With tool consolidation, a trend we describe below, the leading cybersecurity platforms are growing above the market growth rate, some 2-3x industry growth. 

Real-World Case Studies Underscore the High Stakes 

High-profile breaches starkly illustrate the massive financial and operational costs of a successful attack, making cyber defense a non-negotiable enterprise priority regardless of the economic climate. The AT&T data breach, for example, highlighted the risks of its sprawling cloud ecosystem. When a third-party vendor was compromised, the sensitive data of millions of subscribers was exposed, resulting in a $177 million settlement.  

Similarly, the 2023 MGM Resorts attack began with a simple social engineering ploy to steal an employee's credentials, which allowed attackers to shut down core hotel and gaming operations for ten days, costing the company over $100 million. This MGM incident powerfully demonstrates the critical need for modern identity security and rapid data recovery, which are challenges directly addressed by our investments in CyberArk and Rubrik. These real-world examples underscore why boards now treat cybersecurity as a fundamental business risk and why spending on leading platforms remains highly durable. 

Investing in Cybersecurity: Multiple Drivers of an Improving Landscape and The Shift to Platforms 

Historically, cybersecurity was a difficult industry in which to invest. Beyond its technical complexity, the industry was driven by a "boom-bust" cycle based on the threat of the moment. Enterprises adopted a best-of-breed approach, buying a patchwork of point solutions. This created a highly fragmented security landscape and a volatile industry, leaving investors with little visibility into any single company's long-term durability. 

Over time, however, the best-of-breed approach became unsustainable. Enterprises were managing dozens of vendors, each with their own procurement cycle, contract, user interface, training requirements, and siloed data which led to inefficiency, bloated cost structures, security gaps, and vendor fatigue. This approach reached a breaking point several years ago, leading to a pronounced shift towards trusted strategic cybersecurity partners with integrated and broad platforms. By consolidating on fewer strategic platforms, Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) were able to simplify their vendor relationships, gain efficiencies, and reduce cost.  

In our view, the rise of strategic, broad cybersecurity platforms with multiple products to cross-sell is a very different dynamic than the previous best-of-breed point solution approach of the past. This has improved the durability of growth for the leaders and made this space attractive for investment.  

Another driver of an improving landscape is cybersecurity’s priority within the IT budget. As shown in the chart below, Security Software ranks as the second highest spending priority for CIOs in Morgan Stanley’s 2025 CIO survey, behind only Artificial Intelligence/Machine Learning. It consistently outpaces other enterprise initiatives such as digital transformation, cloud computing, and ERP applications.  

The Six Core Pillars of Cybersecurity 

To navigate the evolving cybersecurity investing landscape, we've developed a framework called the Six Pillars of Cybersecurity. This lens helps illuminate a powerful trend: the market is consolidating around leaders within these six core domains. Typically, these leaders pioneered their category, built early trust and a technical edge, and have since expanded to create comprehensive platforms. Cybersecurity is not a winner-take-all industry, as threats evolve too quickly and enterprises will always deploy multiple layers of defense. However, within each segment, we see a ‘winner-take-most’ dynamic: platforms with trusted reputations, next-gen features, and breadth of capabilities gain disproportionate advantages in enterprise adoption. These forces lead to concentrated market share amongst a few platform leaders. From our perspective, the industry is consolidating around six critical segments: 

While the first two pillars of our cybersecurity framework, Network and Endpoint security, are established segments well understood by investors, the rise of Cloud, Zero Trust, Identity, and Data represents the newer, more rapidly growing frontier of the industry. The recent inflection in the importance of these pillars stems from a fundamental breakdown of the traditional security perimeter. Driven by mass cloud adoption and hybrid work, the old security model, which automatically trusted any user or device once they were inside the corporate network, became obsolete. This shift established identity as the new, and most critical, control point for security, leading to the adoption of Zero Trust architectures as attackers evolved their tactics from "breaking in" to the network to simply "logging in" using stolen credentials. 

This trend was amplified by the evolution of ransomware, which now prioritizes exfiltrating sensitive data for extortion over simple encryption, making data protection and resilience a mission-critical business function. High-profile breaches have repeatedly demonstrated the devastating financial and reputational costs of a successful attack. 

Finally, mounting external pressures have cemented this priority shift. New SEC rules mandating timely disclosure of material breaches and stringent cyber insurance policies requiring advanced controls like Privileged Access Management (PAM) have transformed identity and data security from a siloed IT concern into a central, board-level imperative. These forces combined to create a perfect storm, placing cloud, zero trust, identity, and data at the very center of modern cybersecurity strategy. 

We have positioned our portfolios to own the leaders in each pillar where the companies also meet our eight investment criteria and where we see the valuation and risk-return for the stock as attractive over our long-term investment horizon. Below we touch briefly on each company owned in the portfolio. 

Palo Alto Networks (PANW) – The Broadest Platform & Leader in Network Security 

• Palo Alto Networks is solidifying its position as the market’s most comprehensive security platform, spanning network, cloud, and security operations. Its proposed acquisition of CyberArk (we intend to retain Palo Alto stock when the stock-for-stock deal closes in 2026) is a bold strategic move that strongly validates our thesis: in an era of dissolving perimeters, identity security is a critical pillar of any enterprise defense. This combination not only enhances Palo Alto's platform vision with best-in-class identity protection but also accelerates the industry's consolidation around a few trusted leaders. As past owners of PANW, we are excited to regain exposure as we believe this merger creates a formidable industry leader for years to come. 

Microsoft (MSFT) – The Largest Cybersecurity Vendor and a Leader in Endpoint & Identity 

• Microsoft is the single largest cybersecurity vendor by revenue (estimated at over $30B annually), a position achieved by leveraging its unmatched enterprise software footprint. Its core advantage lies in bundling security capabilities directly into its ubiquitous E3 and E5 licenses, making enterprise-grade security accessible and frictionless for millions of customers. The Defender suite has matured into a strong endpoint and threat protection platform, while its Entra portfolio anchors identity and access management. By integrating "good enough" security at an unbeatable price point, Microsoft has created a powerful ecosystem that is the default choice for many businesses, especially in the small and mid-sized market. 

Zscaler (ZS) – The Pioneer of Zero Trust Networking 

• Zscaler is the clear pioneer of Zero Trust security, purpose-built for the cloud-first, work-from-anywhere world. Its platform serves as an intelligent cloud switchboard: instead of relying on a traditional network, it securely connects the right user to the right application, regardless of their location. Its foundational services, Zscaler Internet Access (ZIA) and Private Access (ZPA), created the playbook for this modern architecture. From this core, Zscaler has expanded its platform to include data loss prevention, digital experience monitoring, and cloud workload protection, establishing its role as a critical control point for the modern enterprise and enabling durable topline growth, as evidenced by its 22% annual recurring revenue (ARR) growth in the most recent quarter. 

CyberArk (CYBR) – The Standard in Identity Security 

• CyberArk is the standard in identity security, pioneering the market for protecting an enterprise’s most sensitive credentials. Its platform was built to solve a critical problem: securing privileged accounts, the "keys to the digital kingdom" used by IT administrators and developers. As identity became the primary attack vector, CyberArk expanded its platform to protect all identities, from human workforces to automated machine identities, a move strengthened by its acquisition of Venafi. This market leadership is driving impressive results, including 46% year-over-year revenue growth in the recent quarter. The pending acquisition by Palo Alto Networks is the ultimate validation of its critical role, confirming that its leading identity security is a non-negotiable component of a modern security platform. 

Rubrik (RBRK) – Next-Gen Leader in Data Security & Cyber Resilience 

• Rubrik has successfully evolved from a next-generation data backup tool into a strategic cyber resilience platform, elevating its importance from the IT department to the CISO and the board. Its core mission is to serve as the last line of defense, ensuring that when a breach inevitably occurs, a business can recover its critical data and systems in hours instead of weeks. This focus on rapid recovery is a crucial differentiator, as the high cost of operational downtime often exceeds the ransom itself. Rubrik continues to innovate with capabilities like Identity Resilience, which restores identity systems after an attack, and Agent Rewind, which helps roll back malicious changes made by AI agents to critical data. This leadership position is driving strong financial results, including 36% year-over-year ARR growth and a net revenue retention rate north of 120% in its most recent report. 

Concluding Thoughts & Portfolio Positioning 

We have positioned the portfolio to own the companies we believe are the long-term winners in the most critical segments of cybersecurity. Our investment process remains disciplined, focusing on both technological leadership and attractive risk-reward. For example, while we recognize CrowdStrike as a dominant leader in Endpoint security, its valuation keeps us on the sidelines for now. This discipline ensures we allocate capital where we see the strongest potential for risk-adjusted returns. 

Looking ahead, we are confident that our concentrated exposure to these leading platform companies positions the portfolio to benefit from the powerful trends of vendor consolidation and the growing need for AI-enhanced security. Cybersecurity is a rare sector that offers both offensive growth and defensive resilience, and we believe it remains one of the most compelling opportunities for long-term investors.