Cybersecurity Firms Show Software Industry How to Navigate AI
Cybersecurity Firms Show Software Industry How to Navigate AI
Publish Date: 2026-04-23 14:56:00
Source Domain: www.goldmansachs.com
Using an unordered list, summarize the following article with between 4 and 8 key points. In the first quarter of 2026, the software industry sustained one of its most significant stock corrections in years. The selloff wasn’t triggered by the industry’s current business performance but rather its prospects over the long term, according to Goldman Sachs Research. With the growth of artificial intelligence (AI) applications, investors questioned the viability of the sector’s business models and the adequacy of its competitive defenses, or “moats.”
Yet Gabriela Borges, a software sector analyst with Goldman Sachs Research, says there are moves industry leaders can make to meet the challenges of AI. They may want to look at one particular tech subsector for inspiration—cybersecurity.
In their never-ending battle against digital attackers, cybersecurity companies have honed the agility to adapt to sudden technological and strategic challenges. They’ve become especially adept at using mergers and acquisitions (M&A) to fill gaps in their capabilities. Their resilience is a big reason why US cybersecurity stocks are trading at a 24% premium to the broader US software industry this year when measured by enterprise value to forward sales (as of April 15), says Borges.
“Over the last 10 years, cybersecurity firms have been dealing with existential threats,” Borges says. “Now they show what good innovation and durable moats look like over time. They set a good bar for the larger software industry.”
We spoke with Borges about the cybersecurity industry’s prowess at handling disruptive technology, what software companies can do to follow suit, and why an obscure idea called “technical debt” is becoming more important to investors in this space.
Why are cybersecurity companies well positioned to handle threats like AI?
The biggest difference in cybersecurity versus pretty much any other area of technology is that research and development is more revolutionary than evolutionary. So what does that mean? In cybersecurity you’re up against an active adversary, a bad guy, a hacker. They are constantly trying to undermine your product.
You can’t just make the same product a little bit faster and a little bit better every year and expect to have a powerful, effective security software tool. You have to be prepared for the next big security threat, which we can’t predict. And unlike software-as-a-service, or SaaS, companies, which may have a bit less experience operating in such a disruptive environment, the security companies do have this experience. They are battle-tested.
How do cybersecurity firms stay ahead of the innovation curve?
The best security platforms are really good at identifying holes in their organic product development road map and acknowledging that it doesn’t always make sense to develop new capabilities themselves. Instead, they look at the startup pipeline, acquire the best and brightest, and roll them out to their customers when they’re ready.
But leading cyber firms don’t just buy a startup and jury-rig its technology onto their own platforms as soon as possible. They take their time absorbing acquired firms. I cover one leading firm that took 18 months to integrate a company with $10 million in revenue. By the time they launched an integrated product it could scale really quickly, customers recognized its effectiveness right off the bat. Five years later, it is now the cornerstone of a business that has generated more than $500 million. So you can see how this deal became a huge source of strength for the company.
So software firms should follow suit?
Yes. For software companies, we think it makes a lot more sense to have the venture capital community sponsor next-generation innovation rather than depend too much on organically developing new capabilities. Then software company leadership teams can pick out and acquire the best technology.
