Information security spending by Middle East and North Africa (MENA) enterprises is projected to total $3.3 billion in 2025, an increase of 14% from 2024, according to the latest forecast from Gartner, Inc. Security software will remain the largest spending category in MENA, forecast to reach nearly $1.5 billion in 2025.
“Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025,” said Shailendra Upadhyay, Sr Principal at Gartner.
“As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.”
Gartner analysts are exploring ways in which security and risk management leaders can enhance their cybersecurity strategies at the Gartner Security & Risk Management Summit, taking place here through today.
Spending on security services is projected to grow 16.6% in 2025, representing the highest growth among all segments, driven by factors such as cost efficiency, skill shortages, and access to advanced tools and technology (see Table 1).
Table 1. Information Security End-User Spending for All Segments in MENA, 2024-2025 (Millions of U.S. Dollars)
| Segment | 2024 Spending | 2024 Growth (%) | 2025 Spending | 2025 Growth (%) |
| Network Security | 484 | 11.9 | 544 | 12.5 |
| Security Services | 1,099 | 18.2 | 1,281 | 16.6 |
| Security Software | 1,310 | 12.2 | 1,463 | 11.7 |
| Total | 2,893 | 14.3 | 3,289 | 13.7 |
“The challenge of sourcing staff with specialised skills for threat hunting and intelligence in advanced security operations is considerable,” said Upadhyay. “Managed services – a subset of security services, including managed detection and response (MDR) – offer solutions to bridge this skill gap. As a result, organisations are investing more in security services, driving growth in this segment.”
Security software spending is projected to account for nearly 45% of total information security spending in MENA, maintaining its position as the largest category for end-user spending in 2025, driven by an expanding threat landscape and increased adoption of cloud technologies.
“MENA CIOs are boosting their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation, thereby intensifying their focus and spending on sub-segments, such as infrastructure protection, identity access management, and cloud security,” said Upadhyay.
Top Cybersecurity trends to prioritise in 2025
“As AI becomes integral to mainstream operations, organisations must acknowledge both the opportunities for enhanced resilience and the potential threats,” said Sam Olyaei, Vice President at Gartner. “Gartner predicts that by 2027, 60% of organisations will fail to embrace organisational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyber threats by taking a collaborative approach to resilience planning.”
To deliver a sustainable cybersecurity programme, security leaders in MENA must prioritise two key cybersecurity trends:
Trend 1: GenAI is driving data security programmes
The rise of GenAI is shifting focus to unstructured data security and preference for synthetic data over obfuscated data in training.
Gartner recommends that organisations invest in synthetic data generation tools to replace traditional anonymisation, effectively mitigating privacy risks and ensuring compliance.
“Security leaders must leverage technologies such as data security posture management (DSPM) to catalog, monitor, and govern both structured and unstructured data,” said Olyaei. “Reallocating resources and budgets to fortify data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.”
Trend 2: Extend the value of security behavior and culture programmes
Security behavior and culture programmes (SBCPs) have reached a point of inflection for most organisations.
By focusing on cultural and behavior-driven activities, organisations are embedding security into their culture, addressing cyber-risk awareness and responsibility at the human level.
This trend is gaining traction as organisations increasingly recognise that human behavior is crucial to cybersecurity, with GenAI significantly influencing this shift. Gartner predicts that by 2026, enterprises that integrate GenAI with a platforms-based architecture in their SBCPs will experience 40% fewer employee-driven cybersecurity incidents.
“Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organisation’s security initiatives,” said Olyaei. “These programmes not only ensure compliance with global regulations mandating employee training and awareness but also cultivate a resilient security culture that can adapt to future regulatory changes.”
Gartner clients can read more in the report “Forecast: Information Security, Worldwide, 2023-2029, 1Q25 Update” and “Top Trends in Cybersecurity for 2025.”
Gartner Security & Risk Management Summit
Gartner analysts are presenting the latest research and advice for security and risk management leaders at the Gartner Security & Risk Management Summit, taking place April 7-8 in Dubai. Additional dates and locations include June 9-11 in National Harbor, MD, July 23-25 in Tokyo, August 5-6 in Sao Paulo and September 22-24 in London. Follow news and updates from the conferences on X using #GartnerSEC.
Discussion about this post