This piece is a guest piece written by Richard Anton, Co-Founder and General Partner of Oxx.

Richard has been investing in software companies for more than 20 years and has deep expertise in scaling and internationalizing B2B SaaS companies. As a specialist SaaS investor, Oxx partners with the most promising European B2B software companies at the scale-up stage. Richard is a venture capital veteran and former Chairman of the British Venture Capital Association.

Just as AI is revolutionising industries from healthcare and engineering to fashion, one of its most rapidly adopted use cases is cybercrime. Bad actors are taking advantage of it to automate attacks, create more convincing phishing emails, legitimise impersonation attacks with deepfakes, detect system vulnerabilities, and more. Such advancements have seen cybercrime progress from a cottage industry to an industrial-level organised racket. Especially combined with our new-found reliance on the cloud due to the rise of remote working.

Thanks to AI, it has never been cheaper or easier. Criminals no longer even need to have an in-depth understanding of coding, phishing or writing malware to do considerable damage, with access to malicious Large Language Models like WormGPT and jailbroken versions of public models like ChatGPT that will do the work for them. And at a lower cost than similar services that existed before AI (€5-€182 vs €366). All this results in a continually increasing volume of attacks, currently sitting at around 560,000 each day in the UK.

It also means criminals are getting faster at exploiting vulnerabilities, reacting in real time. According to Fortinet’s most recent Global Threat Landscape Report, criminal response was 43% quicker in the second half of 2023 than the first. Take the very recent global Microsoft, caused by a faulty CrowdStrike update. Within hours, a host of phony domains offering quick fixes had already popped up, while phishing emails claiming to be from CrowdStrike’s support or security team started circulating. It's unsurprising, then, that the global cost of cybercrime is already an eye-watering $9.22 trillion (€8.46 trillion) in 2024 and is forecast to rise to $13.82 trillion (€10.70 trillion) by 2028. 

To combat this, EU legislators are turning their attention to improving cybersecurity on a governmental level. The European Commission brought in the NIS2 Directive at the start of 2023, for instance, which set out minimum rules for regulatory frameworks and more stringent cybersecurity implementation. A more granular Draft Implementing Regulation has also been released, which will apply from October 2024 once finalised. Similarly, the DORA (Digital Operational Resilience Act) European Directive, which will apply to all EU Member States from January 2025, aims to strengthen cybersecurity, but with a specific focus on financial entities. 

All of this to say that the importance of cybersecurity is rapidly escalating, bringing about myriad opportunities for tech companies offering solutions and, of course, their investors. European revenue is projected to reach $45.69 billion (€41.95 billion) in 2024 and counting, with AI-integrated solutions leading the charge. Such tools can improve both operational efficiency and a security team’s ability to mitigate complex attacks by automating the monitoring, analysis, detection of and response to threats in real time. 

Hungarian start-up SEON, for instance, offers a fraud-detection solution that identifies genuine customers by real-time digital footprint analysis. It secured the country’s largest-ever Series A funding of €10 million when it raised in 2021 and has since obtained just over €86 million in Series B. Swiss unicorn Acronis, currently valued at $3.50 billion (€3.21 billion), last year chose to bolster its already successful cyber protection solutions with a brand new AI-powered approach, which includes the ability to proactively identity and neutralise potential threats, as well as automated recovery from ransomware attacks. Darktrace uses AI to analyse thousands of metrics to reveal small deviations that may signal an incoming threat and then autonomously blocks the connection within seconds. The Cambridge-based company has become a global leader in its field and is in the process of being acquired by Thoma Bravo for $5.32 billion (€4.88 billion).

What is essential for the continued success of cybersecurity companies is to stay reactive and innovate around new criminal tactics. SOCRadar, for example, took notice of a shift towards the targeting of medium-sized enterprises, unable to afford the comprehensive security systems available to the largest organisations and thus left vulnerable to cyber attacks. The start-up leverages AI to provide cost-efficient and tailored solutions for medium-sized enterprises, an approach that has secured it $25.2 million (€23.13 million) in Series B funding and made it one of the fastest-growing cybersecurity companies in the world. 

Ultimately, as AI continues to develop, cybercriminals will further take advantage of it and adapt their tactics accordingly. This unfortunately means the amount of data and money obtained illicitly will be ever increasing. The reward for cybersecurity firms and those who back them will therefore increase proportionately, provided they follow suit to stay ahead of both bad actors and the rest of the market.