Analysis

The market is underpricing cyber risk as a geopolitical beta, not just an IT spend line. The key second-order effect is that state-linked attacks are inherently non-compensable through normal operational workarounds, which shifts the economic damage from temporary downtime to regime-level confidence in logistics, utilities, and manufacturing reliability. That means the biggest losers are not pure-play software vendors, but the industrials, infrastructure operators, and insurers that carry hidden business interruption exposure without pricing for a war-risk profile. The most important catalyst is a change in frequency distribution, not just severity. Once incidents move from isolated outages to repeated testing of grids, water, transport, and factory systems, boards will be forced into redundant architecture, air-gapped backups, OT segmentation, and higher cyber insurance retentions over the next 6-18 months. That should create a capex tailwind for select security vendors while pressuring margins at regulated utilities and asset-heavy manufacturers that must fund resilience with limited pricing power. AI is an accelerant on both sides, but the asymmetry favors attackers in the near term because discovery scales faster than remediation. The contrarian read is that the immediate market reaction may overvalue generic cybersecurity names already crowded by secular AI/security narratives; the better risk/reward is in beneficiaries of mandated resilience spend and in shorts of exposed end-markets whose earnings models assume low disruption. If the geopolitical backdrop worsens, the path to upside is via multiple expansion for defense-adjacent cyber providers rather than broad software beta.