The market is obsessed with shiny AI demos and meme coins, but the real compounding cashflow is hiding in the least sexy corner of tech: cybersecurity. As AI systems like Apple’s new Siri absorb more of your financial life, and as geopolitical tension puts “trusted” infrastructure into question, one thing becomes mathematically unavoidable: every new digital convenience forces an upgrade in security spend. More data, more devices, more connections = more ways to get robbed.
The core insight is simple and brutal: cybersecurity is not a theme, it’s a tax on digitization. You don’t get to choose it, you just decide whether you pay it as a user, a business, or an investor. Alibaba gets tagged by the Pentagon as military-linked. Apple turns the iPhone into your AI control room. Ransomware locks hospitals and ports. None of this is random. It’s one integrated story: the world is wiring itself up faster than it’s locking itself down — and markets are still mispricing that gap.
What Really Happened — The Market Context
Let’s put some structure around the headlines and hype cycles.
1. Geopolitics just walked into your cloud bill
The U.S. Department of Defense has started formally labeling certain Chinese tech giants as “Chinese military companies.” Alibaba is one of them. This doesn’t just live in the news cycle. It translates into very specific, very boring, very profitable words inside large corporations and governments: compliance, vendor risk, supply chain security.
Here’s what that actually means in practice:
- Big enterprises review which cloud, payments, logistics, and data pipelines touch any flagged vendor.
- Risk and legal teams start asking: “Can we still justify this? What happens if regulators change the rules?”
- Boards suddenly care about “third-party risk management” — a phrase loved by nobody except cybersecurity vendors and consultants.
No, you don’t see “Alibaba flagged” and then “CrowdStrike +25%” on the same day. Markets don’t work that neatly. Instead, over the next quarters and years, you see quiet shifts: old vendors ripped out, new “trusted” ones brought in, entire security architectures re-designed.
2. AI made your phone a critical national infrastructure node
Apple’s AI upgrade to Siri isn’t just “smarter voice commands.” It is integration. The assistant is becoming a hub that can:
- Read and act on your messages and emails
- Talk to your banking apps and wallets
- Interact with your health data
- Control smart locks, cars, and home devices
That turns an iPhone into a live control panel for your life. Even if Apple does a decent job on-device, the total attack surface around you explodes: more apps, more APIs, more cloud sync, more third-party integrations. Attackers don’t need to crack Apple. They just need to compromise:
- That old email account you never closed
- A weakly protected backup service
- A shady app with permissions you forgot to revoke
3. The cyber damage bill is already larger than the security budget
Global cybersecurity spending is currently in the ballpark of $200 billion per year, likely pushing toward $400–500 billion over the next few years. That sounds big — until you look at estimated global cybercrime damage: around $10 trillion per year by 2025 according to multiple industry forecasts.
Think of it this way:
- You live in a town that floods every quarter.
- Flood damage is measured in trillions.
- Half the town still doesn’t “believe in sandbags.”
That gap between what people should be spending and what they are spending is the investment opportunity. Every big breach tightens the gap. And those breaches are no longer hypothetical:
- Hospitals in Europe shut down by ransomware
- US government agencies compromised through software supply-chain attacks
- Ports and logistics operators locked out of their own systems
Each headline is not just a story — it’s a forced budget meeting somewhere. And that’s where the cash flows in.
The Mechanism Explained — How Cyber Turns Into Cashflow
If you’re going to invest in cybersecurity stocks, you need to understand the breach → budget → revenue pipeline. The mechanism is simple but delayed.
Step 1: A breach happens (or a risk gets flagged)
This can be:
- A major ransomware incident
- A nation-state hack of a government or flagship company
- A regulatory shock, like the Pentagon labeling a major supplier “military-linked”
Step 2: Pain and embarrassment
At the affected organization, three forces suddenly light up:
- Regulators start asking questions or tightening rules.
- Executives get dragged into headlines or internal blame games.
- Boards get nervous about liability and reputational risk.
No one wants to be the next company on the front page because they cheaped out on security.
Step 3: Budgets get rewritten
Within 3–12 months, you typically see:
- “One-time” emergency security projects approved
- Larger ongoing cybersecurity budgets
- New rules about which vendors are “allowed” or “forbidden”
That money doesn’t go to one ticker symbol. It flows into buckets:
- Network & endpoint security (firewalls, antivirus, device protection)
- Identity & access management (IAM) (who is allowed into what system)
- Managed security services (outsourced monitoring and incident response)
Step 4: Recurring revenue shows up in earnings
Most modern cybersecurity businesses are built on a subscription / SaaS model. Once they’re wired into a company’s infrastructure:
- They generate predictable recurring revenue
- They tend to be very “sticky” — ripping them out later is painful and risky
- Their dollar-based net retention (how much existing customers spend next year) often exceeds 110–120%+ for strong players
This is why security is more like plumbing than like social media apps. When it works, you don’t think about it. When it fails, everything else stops.
Step 5: The compounding loop
Here’s the crucial part: each new wave of technology (cloud, remote work, crypto, AI assistants, IoT) adds a fresh layer of attack surface. That forces:
- New products
- New safeguards
- Higher minimum security baselines
So you get a ratchet effect: security spend can pause or shift between categories, but over multi-year cycles the direction is overwhelmingly up. The “cyber tax” rises with each wave of digitization.
What The Experts Know (That You Don’t)
Professionals who live in this space every day understand some subtle dynamics that most retail investors miss.
1. Cybersecurity is decoupled from the standard tech cycle
Security budgets don’t track meme sentiment. They track:
- Regulatory pressure
- Incident history
- Board-level fear
When the S&P drops and “discretionary” IT spending gets cut, security lines often stay flat or even grow. Why? Because no CFO wants to explain a breach after they just slashed the security team. That’s career-suicide behavior.
So while high-beta AI chip stocks and crypto tokens whip around with sentiment, the better cybersecurity names can:
- Grow through recessions
- Maintain high renewal rates
- Keep raising prices modestly
2. AI doesn’t just defend — it also supercharges attackers
There’s a shallow story floating around: “AI will help security vendors catch threats faster.” That’s only half the equation. AI also:
- Makes phishing and social engineering more convincing, cheaper, and scalable
- Helps attackers find vulnerabilities in code faster
- Automates the “grunt work” of scanning and exploiting targets
Humans are already bad at digital hygiene — reusing passwords, clicking suspicious links, ignoring updates. AI makes those human weaknesses more exploitable at scale. That’s why the total cyber risk curve under AI is almost certainly upward, not downward.
3. Supply-chain security is the silent meta-theme
Attacks rarely target the most hardened player directly. It’s much easier to:
- Compromise a small vendor in the supply chain
- Abuse a widely trusted software update mechanism
- Abuse hardware or infrastructure made by a “friendly” but politically sensitive provider
When the Pentagon signals that certain foreign companies are effectively intertwined with military or intelligence operations, large Western enterprises read that as: “Your supply chain just became a national security question.” That benefits:
- Vendors that can audit and secure third-party access
- Companies offering zero-trust architectures (don’t trust any device or request by default)
- Firms able to quickly “clean” and re-architect messy multi-vendor environments
4. Wall Street undervalues invisible infrastructure
Markets love obvious, consumer-facing narratives — AI chatbots, flashy crypto projects, VR headsets. Cybersecurity, by design, hides in the background. Its job is to prevent headlines, not create them. That has two implications:
- Most investors underweight security because it’s “boring” and “technical.”
- Analysts often fail to model the step-changes in demand triggered by regulatory shifts or incidents.
That’s where edge lives: understanding that the “plumbing” is where the rent gets collected.
5. The three business-model buckets matter more than the buzzwords
If you strip away the marketing, almost every cybersecurity business fits primarily into one of three buckets:
- Network & endpoint security – Firewalls, intrusion detection, antivirus, device agents. Usually sold as subscriptions with per-device or per-user pricing.
- Identity & access management (IAM) – Single sign-on, multi-factor auth, privileged access control. Central to zero-trust concepts.
- Managed security services / SOC-as-a-service – 24/7 monitoring, incident response, compliance reporting, security operations centers run as a service.
The most attractive names in public markets and late-stage private markets generally have:
- High subscription revenue share
- High gross margins (software-based, not hardware-heavy)
- Strong dollar-based net retention (customers expand contracts over time)
Experts ruthlessly anchor on those metrics rather than hype.
Real-World Implications — For Your Portfolio and Financial Life
This isn’t about becoming a “cyber expert.” It’s about understanding where the unavoidable money is going to flow.
1. Treat cybersecurity as part of your “infrastructure sleeve”
In a diversified portfolio, you might group assets like this:
- Growth (AI, cloud, software)
- Defensive (healthcare, staples)
- Infrastructure (utilities, data centers, cybersecurity)
Cybersecurity belongs in that third bucket: the digital utility layer. As dependence on the internet, cloud, and AI grows, security becomes as non-negotiable as electricity.
2. Understand that AI convenience is a hidden cyber risk factor
Every time you or your company adopts a new digital convenience — AI assistants, smart devices, crypto wallets, new fintech apps — ask a simple question: “What’s our security cost for this?” If the answer is “we haven’t thought about it,” that’s exactly the gap cyber vendors are going to monetize later.
At the personal level, AI tools will encourage:
- Less checking (“the system knows what it’s doing”)
- Faster clicking and approvals
- More connections between accounts and services
That’s great for UX, terrible for attack-resilience. You either pay up in time and discipline now, or you pay in money and pain later.
3. As an investor, follow “breach-to-budget” instead of headlines
Headlines tell you what happened. Earnings tell you who got paid. A simple approach:
- When you see a major breach or a new regulation, write down the date.
- Track the next 2–4 quarters of earnings for major security vendors.
- Watch for commentary like “elevated demand,” “increased win rates,” “strong pipeline,” “regulatory-driven projects.”
Over time, you’ll see the pattern: pain today, budgets tomorrow, revenue the quarters after.
4. As a user, recognize you’re already paying the cyber tax
You’re paying it when:
- Your bank charges more “security & compliance” fees
- Your cloud storage or trading app slowly hikes prices
- Your employer forces new login systems and security training on you
That money isn’t disappearing. It’s flowing into the security ecosystem. If you don’t like that, your only real lever is to own the tollbooths instead of only driving on the highway.
5. Crypto and DeFi are cyber risk on leverage
If you’re in crypto markets, understand that:
- Private keys are the purest form of digital attack surface.
- Exchange hacks, wallet exploits, and protocol vulnerabilities all feed the same story: insufficient security for the value at risk.
- Regulated, security-focused crypto infrastructure (custodians, secure wallets, auditing tools) will skim fees as the space matures.
Again: tax, not theme.
Key Takeaways — Actionable Points
- 1. Reframe cybersecurity as a structural tax on technology, not a niche theme.
Every new layer of digitization — AI assistants, cloud, remote work, crypto, smart homes — automatically increases required security spend. Stop thinking “if” we need more security and start thinking “how much more” for each new tech wave.
- 2. Learn the three main cybersecurity business models before you buy anything.
Sort companies into: (a) network/endpoint security, (b) identity & access management, (c) managed security services. Then check three numbers: revenue growth, % subscription, dollar-based net retention. High subscription + high retention usually = durable “cyber tax collector.”
- 3. Track the breach-to-budget cycle instead of chasing daily moves.
When you see major breaches or geopolitical designations (like Alibaba being flagged military-linked), expect a multi-quarter lag. Breach now → board panic and regulation → enlarged budgets → higher revenues for security vendors. Align your expectation with that slower mechanism.
- 4. Treat AI convenience as a reason to upgrade your own security hygiene.
At a minimum: unique passwords with a manager, multi-factor authentication on key accounts (email, banking, broker, crypto wallets), and periodic permission clean-ups (revoke old app access). The same behavior that protects you individually is exactly what companies and governments are now forced to buy at scale.
- 5. Allocate a deliberate “digital infrastructure” slice in your portfolio.
Don’t randomly own a cyber stock because it popped on Reddit. Decide what % of your equity exposure you want in digital infrastructure (data centers, cloud, cybersecurity), then build a watchlist of 3–5 security names and possibly an ETF. Study them via 10-Ks and earnings calls before you size any position.
The common thread: stop treating cybersecurity as a boring checkbox. It’s the toll system on the future internet. Geopolitics and AI aren’t separate forces; together, they multiply attack surfaces and make security spending non-negotiable.
If you want to see how all of this ties into specific tickers, financials, and market setups, go watch the full breakdown and hit subscribe.
Watch the full analysis on YouTube → @DrFredMarkets
⚠️ This is not financial advice. All content is for informational purposes only.
