The benchmark S&P 500 index is up 10.5% in 2024 so far, and it's on track to enter April near an all-time high. However, that doesn't mean there is an absence of opportunities for those looking to buy stocks.

According to a prediction by the researchers at Cybersecurity Ventures, cybercrime will cost the world $9.5 trillion in 2024. Research firm McKinsey & Company predicts the corporate sector will spend approximately $213 billion on cybersecurity this year to combat those threats, a figure it says is grossly inadequate.

McKinsey believes companies should be spending up to $2 trillion per year, collectively. That spending gap will likely contract in the coming years as cyberattacks cause more financial and reputational damage to businesses.

This spells opportunity for some of the leading providers of cybersecurity software, including Tenable (TENB -3.02%) and CrowdStrike (CRWD -2.76%). Here's why investors should consider buying shares of both of those companies, even with the S&P 500 regularly hitting new highs.

Tenable is an expert in vulnerability management

Tenable owns Nessus, the most widely deployed vulnerability management tool in the cybersecurity industry. It actively scans cloud networks, operating systems, and devices in search of weak spots so managers can patch them before they are exploited by potential attackers. Nessus can identify over 83,000 common vulnerabilities and exposures, which is more than any other tool on the market.

Nessus is a broad product that now serves as an on-ramp to Tenable's growing portfolio of advanced cybersecurity tools. The company offers solutions for specific industries -- from financial services to automotive manufacturing -- but it also delivers an all-encompassing platform called Tenable One, which covers cloud security, identity security, and attack surface management, among other things.

However, last year Tenable also launched a generative AI product, ExposureAI, which integrates into Tenable One to enhance the user experience. It empowers managers to rapidly hunt down vulnerabilities using natural language queries (as opposed to programming and code), and it also clearly explains a business's security posture to drive fast remediation processes.

Tenable is used by more than 40,000 organizations worldwide, but 1,721 of them were spending $100,000 or more annually on its platforms as of the end of 2023. That was a 21% increase compared to the end of 2022, and it highlights how important advanced cybersecurity is becoming to large, complex organizations.

In 2023, Tenable's revenue rose 17% to a record $798.7 million. Its revenue growth is decelerating because management is cutting costs to focus on profitability, and its non-GAAP net income soared 119% for the year to $97.1 million.

Tenable wasn't profitable on a GAAP (generally accepted accounting principles) basis, but its net loss did shrink by 14%. Non-GAAP figures strip out one-off and non-cash expenses like stock-based compensation. Slowing growth and higher profits are common themes in the cybersecurity industry at the moment, after providers spent years operating under growth-at-all-costs strategies.

Tenable stock is cheap relative to most of its peers. Based on its 2023 revenue and its market capitalization of $5.8 billion, it trades at a price-to-sales (P/S) ratio of 7.2, which may sound rich but is far below CrowdStrike's P/S ratio of 26.1 or Palo Alto Networks' P/S multiple of 13.3. That makes Tenable a good value, especially considering the growing importance of its products.

CrowdStrike is a leader in AI-based cybersecurity

CrowdStrike is an endpoint cybersecurity specialist, which means it focuses on protecting the computers and devices used by employees within a given organization to access its data. Endpoints are where 90% of successful cyberattacks originate, because workers have the most exposure to the outside world through their emails, messaging platforms, and phone calls, making them vulnerable targets.

Automation is at the heart of CrowdStrike's Falcon platform, which is important because it's unreasonable to expect every employee to be a cybersecurity expert. That automation is powered by AI, and CrowdStrike has some of the most advanced models in the industry. They are trained on more than 2 trillion security events every day, and they make over 180 million indicator-of-attack decisions every second to assess the intent of attackers.

Navigating such a high volume of attacks would be impossible without AI, but the more incidents that occur, the smarter CrowdStrike's models become. Falcon also goes beyond the endpoint to offer cloud security, data security, and exposure management (among other things). It even includes a generative AI chatbot called Charlotte AI, which serves as a virtual assistant to help managers complete cybersecurity tasks up to 75% faster. As of Jan. 31 (the end of its fiscal 2024), 64% of CrowdStrike's customers were using at least five Falcon modules, which highlights the breadth of the platform.

CrowdStrike's revenue grew 36% in fiscal 2024 to more than $3 billion. As was the case with Tenable, its growth rate decelerated. However, CrowdStrike delivered its first-ever positive result for annual GAAP net income: $89.3 million. That was a wide swing from its $183.2 million net loss in fiscal 2023. The company's non-GAAP net income also soared by 104% to $751.7 million.

The stock has been on a tear -- up over 400% in the last five years and trading near an all-time high. As I mentioned, it's sitting at a P/S ratio of 26.1, which is elevated relative to some of its peers. But the company recently told investors it plans to nearly triple its annual recurring revenue to $10 billion within the next five to seven years -- and in that context, the stock might look cheap to long-term investors.

Considering the $1.8 trillion cybersecurity spending gap identified by McKinsey, CrowdStrike's long-term revenue target might even prove to be conservative.