Why the next defence boom will be digital

In this environment, cybersecurity is becoming the digital equivalent of air superiority. Defence policy has recognised this shift. Investors are only just catching up.

No hardware without software

Modern militaries are built on software. From precision-guided munitions and autonomous systems to communications and intelligence networks, digital infrastructure underpins every capability – and that reliance creates vulnerability.

The war in Ukraine has illustrated this reality in stark terms. In the ten months preceding the 2022 invasion, Ukrainian officials reported roughly 288,000 cyberattacks linked to Russian actors.¹ Since then, cyber operations have accompanied kinetic strikes, targeting power grids, communications networks, and government systems. Ukraine’s ability to maintain communications and operational coordination has depended heavily on cyber resilience – demonstrating that digital defence is now inseparable from physical defence.

The threat backdrop continues to intensify. Cyber threats are persistent, adaptive, and borderless. According to security firm CrowdStrike, hacks on the U.S. from suspected Chinese government actors more than doubled from 2023 to 2024.²

The UK’s National Cyber Security Centre reported a nationally significant or critical cyber incident every month in 2024. In 2025, more than 200 incidents were managed, 89 of which were classified as nationally significant.³

Ultimately, a fighter jet or naval fleet is only as effective as the networks that support it. If those systems fail, so does the hardware. This is a lesson that is reshaping NATO doctrine and redefining modern military readiness.

Cyber is no longer optional

The rise in cyber-attacks has moved cyber defence from strategic rhetoric to binding budgetary commitment.

NATO’s updated defence spending framework now allocates 3.5% of GDP to core military capabilities, with a further 1.5% explicitly directed toward areas including cyber security and critical infrastructure.⁴ The U.S. Department of Defense has requested more than $14 billion dedicated specifically to cyberspace activities in 2026, with further increases expected.⁵

Alongside this funding, it is implementing a comprehensive Zero Trust architecture to secure classified and operational networks. Providers such as Palo Alto Networks have supported this transition with integrated firewall, cloud and automation platforms, reflecting how cyber defence is being embedded directly into military infrastructure.

As these commitments crystallise into procurement programmes, the implications extend beyond defence ministries. Critical infrastructure operators, government agencies and allied industries are increasingly required to meet higher cyber resilience standards.

This policy shift is mirrored in capital flows. Global cyber security spending is forecast to grow at more than 12% annually, reaching over $370 billion by 2028. What was once seen as an IT expense is now treated as a core defence capability.

Cyber cannot be an afterthought

Modern militaries are now buying defence as a system rather than a collection of hardware. Cyber security protects, enables and enhances every physical capability. Excluding cyber security from a defence allocation in 2026 would be akin to planning a military campaign without air cover. Ground forces may still operate, but they would be exposed, constrained, and strategically disadvantaged. Cyber does not replace physical capability, but it enhances, protects, and enables it. As defence budgets expand, the nature of that spending is changing. The next phase of the defence cycle is likely to be driven not just by missiles and vehicles, but by software, data and digital infrastructure.

For investors looking at defence as a long-term theme, the key question is whether a modern defence allocation is complete without exposure to cyber security.

To find out more, visit our website.

Brought to you by