Artificial intelligence stocks have been driving the stock market’s action over the course of the three-year bull market that began in late 2022. AI stocks like Nvidia, Broadcom, Micron, and Palantir have put up astronomical returns.
But there is one area of the tech sector that has not seen a major boost from the AI supercycle—at least, not yet: cybersecurity. However, some notable Wall Street analysts see that changing, forecasting that cybersecurity stocks will break out in 2026.
Is this investment blind spot about to emerge as a bright spot for investors amid the currently murky environment for tech stocks?
Why Cybersecurity Stocks Have Lagged
Over the three-year bull market, the leading pure-play cybersecurity stocks have generally lagged other leading AI stocks, and there are a few broad reasons for that. Some, like CrowdStrike, are extremely overvalued and have been for several years. Also, those companies endured some high-profile problems in recent years, most notably the massive computer outage CrowdStrike triggered in July 2024 when it released a flawed software update. That single error temporarily tanked CrowdStrike’s stock.
But more broadly, during the past three years, a large share of tech spending went toward AI infrastructure and areas that could boost productivity and efficiency. While cybersecurity is a necessity, it is largely seen as a more defensive area of spending, so it wasn’t getting the massive budget increases that other areas of the AI universe were.
More recently, cybersecurity stocks were pummeled along with many other types of software stocks, as investors panicked that AI models (like Anthropic’s Claude Code Security, for example) would make their traditional offerings less useful.
But now, that narrative is starting to shift. Recently, JPMorgan Chase Private Bank came out with a report that projected global cybersecurity spending would reach $240 billion in 2026. Further, JPMorgan strategists predict that spending on cybersecurity will hit $320 billion by 2029, which would be an 11% compound annual growth rate, and that spending on AI-related cybersecurity will grow 3 to 4 times as fast as the broader industry.
AI’s Next Wave
This spending increase will be driven by a few factors, according to JPMorgan Chase. First, rising global geopolitical tensions are elevating the need for better, faster, and more advanced cybersecurity measures for governments, corporations, and systems. And the JPMorgan Chase commentary came out before the U.S. launched its war with Iran in late February.
Since the Iran war began, cybersecurity stocks have jumped. CrowdStrike has gained about 3.3% in the past month, while Palo Alto Networks has gained 6.1%, and Cloudflare has surged 15.4%.
The other factor that will drive cybersecurity spending, according to JPMorgan Chase, is the need to protect the AI infrastructure investments that companies and governments have made in their systems. While cybersecurity was largely overlooked in the last wave of AI spending, it will be a central focus in the next wave.
Analysts at Wedbush largely concur with these conclusions. In a research note published in February, Wedbush analyst Dan Ives wrote that “AI will be a major tailwind to the cybersecurity sector over the coming years as protection of use cases, data, and end points expand markedly.”
It will become even more critical because cybercriminals are using AI, and upgraded defenses are needed to combat it. Ives also dismissed concerns that AI models will replace enterprise cybersecurity because the systems are far too vast and complex to be protected effectively solely with AI-devised models.
Both JPMorgan Chase and Wedbush have pointed to three companies they expect will be winners in the cybersecurity space: CrowdStrike, Palo Alto Networks, and Zscaler.
CrowdStrike Holdings Inc. (CRWD) currently trades around $399 with a $101 billion market cap. The company provides cloud-delivered endpoint protection, threat intelligence, and cyberattack response services. Despite the July 2024 software update incident that caused a massive global computer outage, CrowdStrike has gained about 3.3% in the past month as cybersecurity demand surges following the Iran war.
CrowdStrike is rated a buy by 71% of analysts covering it, and the median price target of $494 per share forecasts 26% upside from current levels. This upside potential reflects Wall Street’s conviction that CrowdStrike will be a primary beneficiary of the coming wave of cybersecurity spending.
The company’s Falcon platform uses machine learning and behavioral analytics to detect and prevent threats in real-time. The cloud-native architecture allows rapid deployment across organizations without requiring on-premises hardware installations. This lightweight approach has driven strong customer adoption, particularly among enterprises seeking to consolidate security tools.
CrowdStrike’s challenge following the July 2024 incident was rebuilding trust after a flawed update took down systems globally. The company has implemented additional quality controls and update testing procedures to prevent similar issues. Customer retention metrics and new customer additions in quarters following the incident will indicate whether the damage was temporary or lasting.
The stock carries a high valuation with elevated price-to-earnings ratios that have persisted for years. Bulls argue the premium is justified by CrowdStrike’s market leadership and growth trajectory. Bears point to valuation risk if growth decelerates or competition intensifies.
Palo Alto Networks Inc. (PANW) trades around $161 and has gained 6.1% in the past month since the Iran war began. The company provides network security, cloud security, and security operations products to enterprises, service providers, and government entities.
Palo Alto is considered a buy by 83% of analysts who follow it, and the median price target of $206 per share would represent 28% upside from current levels. This represents one of the higher conviction ratings among the three cybersecurity leaders.
Palo Alto Networks operates across multiple security domains including network firewalls, cloud-delivered security services, and security operations platforms. This breadth creates opportunities to consolidate security spending with a single vendor, which many enterprises prefer over managing relationships with multiple point solution providers.
The company has been transitioning from hardware-based firewall sales toward subscription-based software and cloud services. This shift creates more predictable recurring revenue but requires managing the transition period when hardware sales decline faster than subscription revenue scales. The success of this transition will determine whether Palo Alto can maintain growth rates.
Geopolitical tensions drive demand for Palo Alto’s government and critical infrastructure solutions. Nation-state actors have become more aggressive in cyber operations, creating urgency for upgraded defenses. Palo Alto’s track record securing government networks positions it well for increased spending in this category.
The 6.1% gain since the Iran war began suggests investors recognize Palo Alto’s exposure to geopolitical cybersecurity spending. If tensions remain elevated or expand to other regions, government and critical infrastructure spending could accelerate further.
Zscaler Inc. (ZS) currently trades around $140 with a $22 billion market cap. The company provides cloud-based security services that protect users, applications, and data regardless of device or location. Zscaler is rated a buy by 86% of analysts covering it, the highest conviction rating among the three companies.
The median price target of $220 per share would represent 56% upside from current levels—the highest potential return among the three cybersecurity leaders. This outsized upside reflects both Zscaler’s growth potential and its recent underperformance creating a lower entry point.
Zscaler pioneered the Zero Trust security architecture that assumes no user or device should be trusted by default, even inside corporate networks. This approach contrasts with traditional perimeter-based security that focused on keeping threats outside the network. Zero Trust has become the preferred model as remote work and cloud adoption eliminate the traditional network perimeter.
The company’s cloud-native platform scales to handle increasing traffic without requiring customers to deploy additional hardware. As organizations migrate applications to the cloud and adopt hybrid work models, Zscaler’s architecture aligns better with these trends than legacy on-premises security appliances.
Zscaler competes with larger players like Palo Alto Networks and newer entrants building Zero Trust capabilities. The company’s pure-play focus on cloud-delivered security provides differentiation, but it also means less diversification than competitors offering multiple security products. Success depends on maintaining technological leadership in Zero Trust architecture.
The 86% buy rating from analysts and 56% upside to median price targets suggest Wall Street sees Zscaler as particularly well-positioned for the next wave of cybersecurity spending. The stock’s recent struggles create an entry point for investors believing in the Zero Trust adoption trend.
The Investment Case for Cybersecurity
The shift in cybersecurity spending from afterthought to priority reflects several converging trends. First, the Iran war and broader geopolitical tensions have elevated cybersecurity from IT concern to national security priority. When critical infrastructure faces nation-state cyber threats, governments and corporations must invest in upgraded defenses regardless of budget pressures.
Second, the massive AI infrastructure investments made over the past three years now require protection. Companies spent billions building data centers, deploying GPUs, and developing AI models. These assets represent both valuable intellectual property and critical operational infrastructure. Leaving them inadequately protected undermines the entire investment thesis.
JPMorgan Chase’s projection that AI-related cybersecurity spending will grow 3 to 4 times faster than the broader industry highlights this dynamic. As AI adoption accelerates, the attack surface expands. Each new AI application, API endpoint, and data integration point creates potential vulnerabilities that require security controls.
Third, cybercriminals are weaponizing AI to create more sophisticated attacks. AI enables automated vulnerability scanning, personalized phishing campaigns, and adaptive malware that evades traditional defenses. This arms race requires defenders to deploy AI-powered security tools capable of detecting and responding to AI-generated threats.
Wedbush analyst Dan Ives dismissed concerns that AI models will replace enterprise cybersecurity solutions. The systems are far too vast and complex to be protected effectively solely with AI-devised models. Human expertise combined with AI-augmented tools represents the likely path forward rather than pure automation replacing security professionals.
The $240 billion in projected 2026 cybersecurity spending represents an 11% compound annual growth rate through 2029 to reach $320 billion. This growth trajectory exceeds most software categories and reflects cybersecurity’s transition from discretionary to mission-critical spending.
For investors, cybersecurity stocks offer exposure to a sector that lagged the AI rally but appears positioned to catch up. The three-year underperformance relative to other AI stocks creates entry points at more reasonable valuations than would have existed had cybersecurity participated fully in the initial AI boom.
However, valuations remain a concern. All three of these stocks have high price-to-earnings ratios and may be overvalued at present. CrowdStrike trades at particularly stretched multiples that leave little room for execution missteps. Palo Alto’s transition from hardware to subscriptions creates near-term margin pressure that could disappoint if not managed well. Zscaler’s 56% upside to analyst price targets sounds compelling but requires flawless execution against larger, better-resourced competitors.
The analyst conviction remains notable—71% to 86% buy ratings with median price targets implying 26% to 56% upside. Wall Street clearly believes cybersecurity’s moment has arrived. Whether current valuations adequately price in this optimism or leave room for further appreciation depends on execution over coming quarters.
