The prospect of offensive attacks using artificial intelligence (AI) is prompting increases in cybersecurity budgets as organisations try to understand the impact of generative AI (GenAI) on their security, says research group GlobalData.

AI is already used for threat detection, and its greater adoption will undoubtedly help offset attacks. However, learning how to counter AI-led attacks will take time and cybersecurity vendors and users will face a bumpy ride for the next two to three years.

GlobalData’s latest report – Cybersecurity – Thematic Intelligence – reveals cybersecurity budgets will grow in line with IT budgets in 2024 as organisations come to terms with AI’s impact on their operations.

The company forecasts that the global cybersecurity market will be worth $290-billion by 2027 – growing at a compound annual growth rate (CAGR) of 13% between 2022 and 2027. Managed security services, application security, and identity and access management will be high-growth areas.

“Organisations have learned how to cope with cyberattacks that deliberately target enterprise technology such as networks, cloud storage, and endpoint devices,” says David Bicknell, principal analyst: thematic intelligence at GlobalData. “But AI is a game-changer. Now, organisations must respond to AI attacks that can adapt to a specific environment, seek out weaknesses, and exploit them. This is uncharted territory.

“It is still too early to know where the balance lies in how AI impacts organisations’ cybersecurity positioning,” Bicknell continues. “AI can help organisations improve their efficiency in threat detection, hunting, and incident response but, at the same time, adversaries will use AI in cyberattacks. A simple example is cybercriminals using generative AI to strengthen phishing attacks by eliminating the telltale signs of fake messages, such as poor grammar and spelling mistakes.”

The expected significant change in the cybersecurity market will drive a strong focus on cybersecurity mergers and acquisitions (M&A) deal activity throughout 2024. Cisco’s $28-billion acquisition of Splunk will be the catalyst for AI-led cybersecurity M&A deals in 2024.

“Both startups and maturing cybersecurity companies are expected to be on the radar of larger vendors looking for products and talent,” says Bicknell. “In addition, cybersecurity M&A is anticipated to attract regulators’ interest, particularly as a small group of private equity (PE) players are snapping up numerous cybersecurity companies.

“In October 2022, US PE firm Thoma Bravo acquired identity and access management provider ForgeRock in a $2,3-billion deal that was eventually cleared by US regulators. Recently, Thoma Bravo announced plans to acquire Darktrace, the UK’s best-known cybersecurity firm, so regulators should be on alert for anti-competitive practices.”