Cyberattacks Might Soon Cost Businesses $10.5 Trillion Every Year -- 2 Cybersecurity Growth Stocks to Buy in 2024

Near the end of 2022, research and consulting firm McKinsey & Company completed a detailed study on cybersecurity spending among businesses. Its findings suggested the corporate sector should be investing a collective $2 trillion each year on cyber protection. But there's a problem.

In 2023, companies are on track to spend a grand total of just $189 billion on cybersecurity.Considering McKinsey estimates cyberattacks are on track to cause a whopping $10.5 trillion in damage per year by 2025 (according to research from Cybersecurity Ventures), that number is grossly insufficient.

It leaves a $1.8 trillion spending gap, which will likely narrow in the coming years as the cost of not having cybersecurity skyrockets. That should benefit every cybersecurity provider, but especially Tenable (TENB 1.34%) and Zscaler (ZS 1.28%), which might be among the best bets for investors in the new year.

1. Tenable is a leader in vulnerability management

Many years ago, a company's digital infrastructure would be stored on premises without a constant internet connection. But the widespread adoption of cloud computing means most businesses now rent centralized data centers to operate online. That leaves them vulnerable to cyberattacks around the clock, and they can originate from anywhere in the world.

Vulnerability management technology is a key form of cybersecurity that scans devices, operating systems, and cloud networks to identify weaknesses attackers could breach. Tenable owns Nessus, which is the most widely deployed vulnerability management tool in the world. It protects against more common threats and exposures than any competing platform, and it's recognized as the most accurate, with the lowest rate of false positives in the industry.

Nessus serves as an on-ramp to some of Tenable's more comprehensive cybersecurity tools, like TenableOne. That's a fully fledged exposure management platform complete with cloud and identity security. It also includes a generative artificial intelligence (AI) tool called ExposureAI, which is designed to speed up analysis and incident response. ExposureAI can explain risks in plain English, and it can even offer guidance on how to fix certain vulnerabilities.

With 2023 wrapping up, Tenable is on track to deliver a record-high $791 million in revenue for the year. That's a fraction of the company's addressable market, which it pegs at $33 billion. But even that number undersells Tenable's true opportunity, which lies in the $1.8 trillion spending gap identified by McKinsey.

No matter which way you slice it, Tenable has a long runway for growth, and its stock could be a great long-term investment as more enterprises recognize the importance of cybersecurity.

2. Zscaler is a leader in cloud and zero trust identity security

Zscaler is a $33 billion company, so it's about 6 times larger than Tenable. Its Zero Trust Exchange is one of the most advanced cloud and identity security solutions in the entire industry, and it's solving some of the biggest challenges faced by modern organizations.

Technology is shrinking the globe. Companies can now hire employees who are located anywhere in the world because the cloud allows them to work remotely. But that comes with problems, especially as it pertains to cybersecurity.

When an employee is in the office, management can physically verify their identity. But when they work remotely -- sometimes from the other side of the world -- it's difficult to tell whether it's really them signing into the organization's network, or whether their credentials have been compromised.

Zscaler's Zero Trust technology solves that issue by treating every sign-in attempt as hostile. It not only verifies the employee's username and password, but it also analyzes their location and the device they are using. If they live in Canada but are signing in from Russia, that's a good clue their login information has been stolen.

Plus, Zscaler only allows employees to connect to the online applications they need for their jobs -- not the network itself -- so even if a hostile actor breaches Zero Trust, they can't jump across to other valuable assets. This significantly reduces the attack surface and confines hackers to very narrow areas of the organization.

Over 7,700 businesses now use Zscaler, including 40% of the Fortune 500. Collectively, they are securing 41 million of their employees against more than 9 billion incidents every single day. That translated into $1.6 billion in revenue for Zscaler in its fiscal 2023 (ended July 31), a number that is expected to grow by 30% to $2.1 billion in the current fiscal 2024 year.

But Zscaler has barely scratched the surface of its opportunity. It believes there are 335 million individual users (workers) in its addressable market, paving the way for $72 billion in total revenue. That leaves significant room for growth, but Zscaler will benefit to an even larger degree if McKinsey's research proves correct.

Editor's note: This article has been corrected to attribute research to Cybersecurity Ventures.