The Threat You Can’t Cut the Budget On


Hey there, bargain hunter.

Here’s the thing about cybersecurity spending: it doesn’t get cut. Not in recessions. Not in rate cycles. Not even when CFOs are slashing everything else down to the bone.

And right now, with AI doing the attacking, the budgets aren’t just holding, they’re accelerating in a way the sector hasn’t seen in years.

Gartner projects global end-user spending on information security will reach $244 billion in 2026. That follows $213 billion in 2025 (up from $193 billion in 2024). The reacceleration is real, and the catalyst is straightforward: AI has fundamentally lowered the cost and expertise required to launch sophisticated attacks. Some of the more viral metrics floating around here (like “10,000 personalized phishing emails per minute” and blanket “3,000%” deepfake-fraud jumps) are hard to source cleanly across the industry—but the direction is not in dispute: attackers are scaling social engineering and exploit automation with generative tools.

And the government response is getting sharper. In June 2026, CISA issued a new remediation directive compressing mandatory patching timelines for high-risk flaws to as little as three days, with officials and reporting explicitly citing AI-accelerated exploitation as a driver.

When the government is scared, enterprise budgets follow.

PwC’s 2026 Global Digital Trust Insights survey of 3,887 executives found that 60% of business and tech leaders rank cyber risk investment in their top three strategic priorities, driven by geopolitical uncertainty. That’s not a trend. That’s a structural floor under every major cybersecurity vendor’s order book.

Where the Value Actually Is

The sector ran hot in 2024. Then it corrected, unevenly. And now something interesting is happening: the bifurcation between quality names and oversold names is wider than it’s been in years. That’s where the bargain hunter pays attention.

Start with Fortinet (FTNT). This one didn’t just survive the sector correction: it ripped through it. Q1 2026 revenue came in at $1.85 billion, up 20% year-over-year. Product revenue rose 41%. Billings were up 31%. Record operating cash flow of $1.08 billion. Free cash flow of $1.01 billion. Management raised 2026 revenue guidance to ~15% year-over-year growth. The stock has been up sharply since that report. And despite the move, some analysts still see it as the cheapest quality name in the sector, trading at roughly 30x forward earnings with ~80% gross margins. That combination is rare.

Then there’s Zscaler (ZS). This is the contrarian name. The stock is down more than 36% year-to-date heading into the back half, not because the business broke, but because multiple compression hit cloud security names hard. Q2 fiscal 2026 revenue grew 26% year-over-year to $815.8 million. The company processes over half a trillion transactions daily: a data moat competitors simply cannot replicate. And Zscaler’s ThreatLabz 2026 AI report flagged a 91% year-over-year surge in enterprise AI activity, with enterprise data transfers to AI/ML applications up 93% year-over-year.

Slight tangent, but it matters: OpenAI’s Trusted Access for Cyber program, announced in April 2026, included participants such as Palo Alto Networks, CrowdStrike, and Zscaler. This is likely to reinforce the “platform” narrative at the top end of the market—even if the program itself is about governed access for defenders rather than an explicit M&A mandate.

CrowdStrike (CRWD) is the quality compounder that’s already been discovered: the FY27 revenue outlook around $5.87–$5.93 billion is out there, execution remains excellent, but a lot of the recovery is priced in. Add on weakness, not here.

The Budget That Can’t Be Deferred

What’s interesting is how cybersecurity spending has become structurally non-discretionary. EY reports that 85% of senior security leaders who are using AI in cybersecurity say their current cybersecurity budget is insufficient to meet AI-enabled threats. Cybersecurity now absorbs about 13.2% of IT budgets on average, up from 8.6% in 2020.

No year has seen a decline in global cybersecurity spending. Not one. The pattern is ratchet-like: every major incident raises the baseline permanently and it never comes back down.

  • FTNT: Q1 2026 revenue $1.85B, +20% YoY. Billings +31%. FCF $1.01B. ~80% gross margins. Full-year guidance raised to ~15% growth.
  • ZS: Q2 FY26 revenue $815.8M, +26% YoY. 91% YoY surge in enterprise AI activity and 93% YoY increase in data transfers to AI/ML applications (per ThreatLabz 2026 AI report). Stock down 36%+ YTD on multiple compression, not fundamentals.
  • CRWD: ARR is $5B+ (recently reported at $5.51B as of April 30, 2026). FY27 revenue outlook around $5.87B–$5.93B. Quality execution. Hold, add on dips.
  • PANW: SASE ARR has crossed $1.3B, growing 34%. CyberArk identity acquisition closed Feb. 11, 2026. Growth slower at ~15%, and the platform payoff is back-end loaded.
  • Sector tailwind: Gartner expects that by 2028, more than 50% of enterprises will use AI security platforms to secure third-party AI service usage and protect custom-built AI applications (a more precise framing than “75%+ using AI-amplified products”).

What Could Go Wrong

The bull case is structural. The risk is valuation.

Some of these names, even after corrections, still carry premium multiples. If AI spending broadly slows in 2027 as enterprises tighten ROI requirements (Forrester sees 25% of planned AI spending deferred to 2027), security budgets could feel pressure at the margin. Hardware refresh cycles at Fortinet are a real execution risk if the macro softens. And AI-generated code vulnerabilities could shift some of the spending toward internal tooling rather than third-party vendors.

The other risk: consolidation cuts both ways. Smaller vendors may get squeezed out or acquired at big premiums, which is great if you own the target, not so great if you own the acquirer overpaying for it.

The Cheap Investor Take

The cleanest risk-adjusted entry in this sector today is probably Fortinet, with real earnings, real cash flow, the cheapest quality multiple in the group, and a product cycle (FortiOS 8.0, NVIDIA integration) that’s still early. Zscaler is the higher-conviction contrarian if you believe the cloud security multiple compression is temporary and not permanent. The fundamentals say temporary. CrowdStrike is the one you hold if you already own it, not the one you chase.

The bottom line: AI didn’t just change how we work. It changed how we get attacked. And that’s a spending mandate that boards can’t defer, CFOs can’t cut, and regulators won’t allow them to ignore.
