Iran rejects U.S. war proposal, says no talks before conditions met
Microsoft Corporation (NASDAQ:MSFT) is synonymous with artificial intelligence (AI). The tech giant’s partnership with OpenAI was the catalyst for the company’s growing AI footprint. It’s also a key reason why MSFT stock has delivered a total return of over 150% in the last five years.
However, as investors have discovered, as AI adoption accelerates, so do the risks. Generative AI enables faster, more sophisticated cyberattacks that force companies and governments to prioritize operational security. That’s created a tailwind for pure-play cybersecurity names like CrowdStrike Holdings Inc (NASDAQ:CRWD) and Palo Alto Networks (NASDAQ:PANW).
Investors shouldn’t overlook Microsoft, which is quietly building one of the world’s most formidable cybersecurity franchises.
A $37 Billion Business Hidden in Plain Sight
In fiscal 2025, Microsoft generated approximately $37 billion in cybersecurity revenue, representing about 14% of total revenue. To put that in perspective, CrowdStrike reported just under $4 billion in trailing twelve-month revenue, and Palo Alto Networks reported around $10 billion.
Microsoft’s scale makes it more than three times larger than its closest specialized competitor.
Despite that, Microsoft’s security business rarely gets top billing. It doesn’t appear as a separate line item on its earnings reports. Instead, it’s woven into the company’s ecosystem, embedded within Microsoft 365, Teams, Copilot, Azure, and Windows.
This integration is a competitive advantage: instead of juggling multiple vendors, Microsoft delivers identity, endpoint, cloud, and operational technology security under one umbrella.
That stickiness creates a lock-in effect. CIOs and IT departments are already committed to Microsoft’s productivity and cloud platforms, and they have strong incentives to keep security in-house, reducing switching costs and increasing recurring revenue streams.
Patch Tuesday: A Reminder of Microsoft’s Indispensability
Every month, Microsoft issues security updates across Windows, Office, and other critical platforms, a cadence known as “Patch Tuesday.” On the surface, these patches may look like routine maintenance. However, they serve as a recurring reminder of Microsoft’s global responsibility to protect enterprise and government systems.
August’s Patch Tuesday was no different, addressing vulnerabilities that, left unpatched, could have exposed millions of systems. For investors, the importance is not in the technical details but in the structural demand cycle it illustrates:
- Indispensability: Companies worldwide rely on Microsoft’s updates as the frontline defense against evolving cyber threats.
- Customer Retention: Regular patch cycles reinforce reliance on Microsoft’s ecosystem, strengthening pricing power.
- Upsell Opportunity: Each cycle is a chance for Microsoft to showcase AI-enhanced security features, driving adoption of premium solutions.
In other words, Patch Tuesday is not just about fixing bugs; it’s about maintaining Microsoft’s role as an essential partner in cybersecurity.
AI as a Growth Multiplier
What sets Microsoft apart from other security providers is its ability to harness AI at scale. The company has over 1.4 million security customers and processes more than 65 trillion threat signals daily.
Feeding that data into AI models allows Microsoft to provide automated threat detection, rapid incident response, and predictive analytics that smaller firms cannot match.
AI is more than a defensive tool. It’s also a monetization lever. By embedding AI-powered threat detection into its premium offerings, Microsoft can expand margins while delivering value to enterprise customers who prioritize security. That gives Microsoft pricing power even in a competitive environment.
Cybersecurity Adds Support to a Premium Valuation
Microsoft trades at roughly 38x forward earnings. That’s not unusual for mega-cap technology stocks, but it does put the stock at a premium to the S&P 500’s 20x and to its own historical average. Bulls argue this premium is justified by its cloud and AI leadership, but cybersecurity should be viewed as an underappreciated third pillar.
At $37 billion, cybersecurity already rivals the scale of some of Microsoft’s smaller reporting segments. It could surpass $50 billion by 2030 if it grows at a mid-teens CAGR. Palo Alto Networks’ entire revenue base today is just one-fifth of that.
Investors should also note the recurring nature of this revenue. Security is not discretionary spending; it’s a mission-critical line item. Even in a downturn, companies are unlikely to cut security budgets, giving Microsoft’s cybersecurity business resilience that complements its cyclical cloud revenues.
