Key Takeaways:

  • The global cybersecurity market surged to an estimated $272 billion in 2025, with IT security budgets outpacing general software spending by 50%.
  • Stolen credentials were the initial access point in 22% of all corporate breaches, driving a massive enterprise shift toward identity protection and zero-trust software.
  • Investors can capitalize on this spending supercycle through major cybersecurity equities like CRWD, PANW, and FTNT, or diversified ETFs like CIBR.

There are currently over 24 billion compromised username and password combinations floating around on dark web marketplaces. That equates to three stolen credentials for every person on the planet, a systemic vulnerability attackers are aggressively monetizing.

For investors, this massive exposure represents one of the most compelling growth narratives in the tech sector. Attackers no longer need to execute sophisticated hacks to steal corporate data; they just buy reused employee passwords for pennies.

The Enterprise Identity Shift

This human vulnerability is driving a massive capital reallocation toward enterprise identity-security platforms. According to Gartner’s latest cybersecurity projections, IT departments are actively abandoning legacy perimeter defenses. Instead, they are pivoting to zero-trust architectures and continuous identity verification solutions to lock down their internal networks.

Yet, the weakest link in this multi-billion-dollar transition remains off-network employee behavior. Because modern corporate perimeters now extend to personal devices and home networks, enterprise security models increasingly mandate strict endpoint hygiene. Whether it involves enforcing strict multi-factor authentication protocols, auditing home network configurations, or requiring staff to utilize a secure password manager to prevent lateral credential attacks, the objective is to neutralize human error at the source. By locking down these individual endpoint habits, enterprises ensure that a single breached personal account doesn’t bypass their expensive zero-trust infrastructure.

Valuation and Relative Value in Cyber Equities

When looking at the primary beneficiaries of this enterprise spending spree, investors must weigh growth against increasingly stretched multiples. CrowdStrike Holdings Inc. (NASDAQ:CRWD) remains a best-in-class operator for endpoint and identity threat protection, but its premium valuation requires flawless quarterly execution.

Similarly, Palo Alto Networks Inc. (NASDAQ:PANW) commands a hefty premium, trading at roughly 85x trailing earnings. While its platform dominance is undeniable, that sky-high multiple leaves zero room for error, making it a high-risk, high-reward play in the current macroeconomic environment.

Conversely, Fortinet, Inc. (NASDAQ:FTNT) offers a fascinating alternative, hitting $6.8 billion in full-year revenue while trading at a much more conservative 36x trailing earnings. This presents a distinct relative value compared to its mega-cap peers. Their unified threat platform leans heavily into the SMB market, a massive segment that enterprise giants often overlook, providing a highly attractive risk/reward setup for value-conscious tech investors.

The ETF Alternative

For those who want exposure to the secure identity infrastructure boom without the volatility of picking single winners, the First Trust NASDAQ Cybersecurity ETF (NASDAQ:CIBR) holds roughly $9.5 billion in AUM.

Alternatively, the Amplify Cybersecurity ETF (NYSE:HACK), with $1.94 billion in assets, tilts toward mid-cap firms. This allows investors to spread their bets across the entire security value chain.

The Bottom Line

The era of relying on human memory to secure corporate data is over, forcing a mandatory, industry-wide upgrade cycle. However, blindly buying the sector is a dangerous game given the stretched valuations of legacy network players.

The real forward-looking alpha lies specifically in identity infrastructure and zero-trust providers. As the war against stolen credentials intensifies, companies that can seamlessly secure the human element, without disrupting enterprise workflows, will capture the lion’s share of IT budget expansions over the next 24 months.

Benzinga Disclaimer: This article is from an unpaid external contributor. It does not represent Benzinga’s reporting and has not been edited for content or accuracy.