Cyberattackers are among the most sophisticated criminals in the world. Just when we think our defensive technology is one step ahead of the hackers, they still find ways to steal sensitive and valuable data.
Look at the Yale New Haven Health System (“YNHHS”), for example. Last April, YNHHS – a large healthcare system serving patients in Connecticut, New York, and Rhode Island – announced a major data breach that exposed the medical and personal information of roughly 5.5 million people.
Just a couple months earlier, PowerSchool – a cloud-based student information system and edtech provider for K-12 schools – was breached by attackers. This hack exposed around 62 million student records, including information like medical histories and Social Security numbers.
Complicating matters, companies worldwide are increasingly integrating autonomous AI tools and agents. In fact, the global use of AI agents increased by more than 300% in just four months.
The problem is that as more companies turn to agentic AI to advance their businesses, that same agentic AI provides cyberattackers with another point of vulnerability. And many businesses simply aren’t prepared.
Gravitee, a global leader in application-programming-interface (“API”) management, reports that 47% of the 3 million AI agents used across large corporations in the U.S. and U.K. operate without oversight.
The use of AI makes cybersecurity more important than ever. It’s no longer a discretionary IT cost… It’s critical infrastructure.
That’s why investors should pay close attention to the cybersecurity industry.
Why Agentic AI Is Driving a New Cybersecurity Spending Cycle
Think about this statistic: According to recent research from Rubrik Zero Labs, AI agents and other “non-human identities” (digital and automated credentials that help services, software, and hardware authenticate, interact, and perform tasks without human intervention) in the workplace now outnumber humans 82 to 1.
This research also revealed that:
- Eighty-nine percent of survey respondents incorporate AI agents into their identity infrastructure.
- Fifty-eight percent state that security concerns are the main reason for switching identity and access management (“IAM”) providers.
- Eighty-nine percent of organizations surveyed plan to hire professionals to manage or improve identity management, infrastructure, and security within the next year.
- Fifty-eight percent of IT security decision-makers believe that at least half of the cyberattacks they encounter over the next year will be driven by agentic AI.
There’s clearly cause for concern here. Yes, AI helps organizations streamline processes and workforces, as well as provide enhanced customer experiences. But it also gives hackers a larger attack surface. And IT security teams are struggling to keep up with the constantly expanding surface.
Part of those challenges can be attributed to AI phishing.
Think of AI phishing as traditional phishing on steroids. Most of us know how to identify typical phishing scams – grammatical errors, nonspecific greetings, and odd formatting in emails.
Now? AI helps scammers deliver grammatically clean, personalized phishing messages that can easily be mistaken for legitimate correspondence. And these messages aren’t being caught by humans or IT security programs.
By October 2025, AI-generated phishing was the No. 1 enterprise email threat, according to cybersecurity researchers. And this type of phishing has grown a mind-blowing 1,265% since 2023. In fact, nearly 83% of phishing emails currently use some type of AI-generated content.
IBM’s (IBM) X-Force Red team experimented with creating AI phishing emails through a generative AI model and found that it was able to develop convincing messages in five minutes. These types of emails would normally take IBM’s team around 16 hours to create.
Even scarier? Research from 2024 showed AI-generated phishing’s click-through rates hit 54%. Traditional, human-crafted phishing emails only reached 12%.
If organizations aren’t employing multilayered cybersecurity strategies, they’re risking a lot: Sensitive data, money, trust, and reputation… just to name a few risks.
What do these strategies entail? Every organization is different. But solutions include:
- Adopting the National Institute of Standards and Technology (“NIST”) AI Risk Management Framework, which helps better manage AI-related risk.
- Fighting AI with AI by using it to detect, examine, and respond to threats faster than standard methods.
- Implementing multifactor authentication (“MFA”) and “zero trust” models for constant data monitoring.
- Continuously running AI infrastructure tests and monitoring to find security vulnerabilities.
- Using encryption, strict data validation, and other methods to keep sensitive information protected.
Organizations now need consolidated cybersecurity solutions that allow them to see their entire security system across all networks, cloud environments, and endpoints. And security teams need the tools that allow them to deploy data-driven defense measures before an attack occurs.
Fortunately, there are several cybersecurity companies focused on these solutions. We’ll look at three of them today.
Three Cybersecurity Stocks to Watch
Palo Alto Networks (PANW)
One company leading the charge in consolidated, integrated cybersecurity platforms is Palo Alto Networks, and it’s doing so through a strategy called “platformization.” That’s a techy way of saying that Palo Alto Networks provides its customers with one unified platform to replace dozens of individual security programs. This allows businesses to manage their cybersecurity more efficiently.
Palo Alto Networks’ platformization approach features three core pillars that cover all IT environments. Strata protects corporate networks, Prisma covers the cloud, and Cortex uses AI to automate threat detection and response.
The company’s fiscal 2025 financials prove it’s delivering the goods. Palo Alto Networks earned more than $9.2 billion in revenue, a nearly 15% increase over 2024. Gross profit rose 13.4% year over year to $6.8 billion. And its $1.24 billion in operating income grew almost 82%. The company’s 2025 generally accepted accounting principles (“GAAP”) net income did drop 56%, however, from $2.58 billion in 2024 to $1.13 billion.
Palo Alto Networks started off fiscal 2026 strong, though. Q1 revenue was up 16% year over year to $2.5 billion. And it’s in the process of acquiring cloud observability platform Chronosphere for $3.35 billion, and identity security firm CyberArk (CYBR) for $25 billion to expand its services.
PANW earns a strong overall “A” grade from the Stansberry Score (courtesy of our subsidiary Stanberry Research) – a tool that assesses a stock’s value and long-term investment potential. PANW ranks within the top 400 stocks, with an “A” in both Financials and Capital Efficiency and a “B” in Valuation.
Fortinet (FTNT)
Fortinet is another highly rated company known for its innovation in AI-driven automation and quantum-computing-resistant security.
Its FortiAI-Assist – which combines generative AI, agentic AI, and AI for IT operations – streamlines network operations and accelerates response through automation and analytics. This helps security teams improve efficiency and battle more threats with fewer resources.
The company also sets the standard regarding future-proof protection of sensitive data against potential quantum computing threats. And its FortiGate firewalls offer integrated security, AI-powered technology, and flexible licensing to help businesses protect hybrid environments.
These innovations make Fortinet’s services highly sought-after in multiple sectors.
Fortinet recently concluded an outstanding fiscal 2025. Among the highlights:
- Total revenue was $6.8 billion, up 14% from 2024.
- Free cash flow came in at $2.21 billion, up from $1.88 billion.
- Earnings per share jumped 16% to $2.76.
The Stansberry Score for FTNT reflects those metrics. The stock earns a rare “A+” grade, which places it just outside Stansberry’s top 100 stocks out of nearly 4,600. Its Capital Efficiency – driven by the company’s strong margins and cash flow – is about as good as it gets (“A”), ranking within the top 40 in that category. FTNT’s Financials (“A”) and Valuation (“B”) are also rock solid.
CrowdStrike (CRWD)
CrowdStrike uses AI-driven detection and behavioral analytics to seek, identify, and stop cyberthreats like malware, ransomware, and unauthorized activity in real time. By doing so, CrowdStrike aims to keep data, servers, and cloud environments safe from breaches.
Its Falcon platform proactively searches for threats, while a threat-hunting team adds an extra 24/7 layer of protection. Its performance is backed by perfect scores on industry certifications and evaluations from testing organizations such as SE Labs. And the company has been recognized as an industry leader by Gartner and Forrester.
CrowdStrike put up solid results in fiscal 2025, and its fiscal 2026 looks strong so far as well. (CrowdStrike’s fiscal year runs from February 1 to January 31; its Q4 2026 and full-year earnings will be released on March 3.)
The company posted $3.95 billion in total revenue for 2025, up 29% year over year. CrowdStrike reported a record $1.38 billion in full-year operating cash flow. It also generated free cash flow of $1.07 billion. CrowdStrike’s 2025 annual gross profit was $2.96 billion, a 29% jump from 2024.
The company is poised to top fiscal year (“FY”) 2025, as total revenue for the first three quarters of FY 2026 stands at $3.5 billion. Its year-to-date operating cash flow is already up to $1.11 billion. And its free cash flow stands at $858.9 million with Q4’s numbers yet to be announced.
Those figures are all very encouraging. But CrowdStrike is still trying to rebuild its reputation.
In July 2024, CrowdStrike caused a massive IT outage when it pushed a software update to one of its products, impacting multiple industries, from airlines to hospitals. One cybersecurity expert labeled it “the largest IT outage in history.”
The outage and the disruptions it caused lingered for days. It resulted in estimated losses of more than $5 billion. And it led to Delta Air Lines (DAL) suing CrowdStrike. Delta claimed a loss of more than $500 million due to 7,000 disrupted flights that impacted 1.3 million customers.
This type of incident isn’t easily forgotten. The company, despite its successes, suffered a reputational hit. And it’s one reason CRWD stock hasn’t been moving the needle.
CRWD is also widely seen as overvalued. The stock’s trailing-12-month price-to-sales (“P/S”) ratio sat at 23.7 as of mid-February. Its peers’ average P/S ratio is 10.1, highlighting CRWD’s premium pricing.
The valuation concerns are reflected in CrowdStrike’s Stansberry Score. It garners a “C” overall based mostly on “C” grades in Valuation and Financials. That could be because, despite robust operational revenue, the company is not performing well enough against investor expectations and its valuation.
The Risks of Cybersecurity Stocks
The cybersecurity industry tends to thrive even when economic conditions are challenging. The reason is simple… protection against cyberthreats and attacks is an absolute must.
Despite that demand, there are a few risks to note if you’re considering investing in cybersecurity stocks.
- High valuation: The cybersecurity sector has grown rapidly, and it will continue to do so for a while. In 2025, the global cybersecurity market was valued at nearly $219 billion. Between this year and 2034, it’s projected to explode to roughly $700 billion. That period is highlighted by a projected compound annual growth rate of 13.8%. But some cybersecurity stocks, in the eyes of some analysts, already price this future growth into their valuations.
- Increased R&D spending: As technology continues evolving, so do hackers and cybercriminals. And the cybersecurity industry must stay ahead of them. To do so, more investment in research and development (“R&D”) is often necessary. In the 12 months ending on October 31, 2025, CrowdStrike spent $1.34 billion alone on R&D. That’s roughly 38% more than the company spent the year before. During the same period, Palo Alto Networks invested more than $2 billion in R&D. Though these types of investments often pay off in the long run, they can cause stock volatility in the short term because R&D spendingreduces revenue.
- Intense competition: The cybersecurity industry is a crowded one, filled with established tech titans, as well as ambitious, specialized startups. This type of competition can be great for customers. After all, they certainly won’t be lacking in cybersecurity options. But it can result in pricing wars that compress profit margins.
The Bottom Line: Why Cybersecurity Spending Is Here to Stay
AI, for all its benefits, has become a target – and a tool – for sophisticated cybercriminals. As AI use among enterprises provides hackers with a larger and potentially more vulnerable attack surface, those same hackers are using AI for phishing scams that are much harder to detect than traditional phishing emails. And that’s just one small example.
Cyberattacks can bring a business to its knees. That’s why cybersecurity spending is a required business expense now more than ever. And the three stocks outlined above offer different avenues toward investing in the long-term security measures that companies need to protect their AI, cloud, and digital infrastructures.
Regards,
David Engle
Editor’s note: Since the start of 2025, more than 700 stocks have doubled. That’s incredible.
And yet, says True Wealth senior analyst Brett Eversole, we’re not done yet. His latest research shows a new pattern forming that could send today’s record-high market soaring even higher.
He calls this pattern the Melt Up Tsunami. And he has identified at least six stocks that could benefit, including one stock he says could not just double, but triple. He names that stock in his new presentation, found here.
