Information security spending by Middle East and North Africa (MENA) enterprises is projected to total US$3.3 billion in 2025, representing an increase of 14% from 2024, according to the latest forecast from Gartner, Inc. Security software will remain the largest spending category in MENA, forecast to reach nearly US$1.5 billion in 2025.
“Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025,” stated Shailendra Upadhyay, Senior Principal at Gartner.
“As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.”
Gartner analysts are exploring how security and risk management leaders can strengthen their cybersecurity strategies at the Gartner Security & Risk Management Summit, taking place here through today.
Spending on security services is projected to grow by 16.6% in 2025, representing the highest growth among all segments. This is driven by factors such as cost efficiency, skill shortages, and access to advanced tools and technologies.
“The challenge of sourcing staff with specialised skills for threat hunting and intelligence in advanced security operations is considerable,” said Upadhyay. “Managed services – a subset of security services, including managed detection and response (MDR) – offer solutions to bridge this skills gap. As a result, organisations are investing more in security services, driving growth in this segment.”
Security software spending is expected to account for nearly 45% of total information security spending in MENA, maintaining its position as the largest category for end-user spending in 2025. This is fuelled by an expanding threat landscape and increased adoption of cloud technologies.
“MENA CIOs are boosting their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation. This is intensifying their focus and spending on sub-segments such as infrastructure protection, identity access management, and cloud security,” said Upadhyay.
Top Cybersecurity Trends to Prioritise in 2025
“As AI becomes integral to mainstream operations, organisations must acknowledge both the opportunities for enhanced resilience and the potential threats,” stated Sam Olyaei, Vice President at Gartner. “Gartner predicts that by 2027, 60% of organisations will fail to embrace organisational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyber threats by taking a collaborative approach to resilience planning.”
To deliver a sustainable cybersecurity programme, security leaders in MENA must prioritise two key cybersecurity trends:
Trend 1: GenAI is Driving Data Security Programmes
The rise of GenAI is shifting focus to unstructured data security and a preference for synthetic data over obfuscated data in training.
Gartner recommends that organisations invest in synthetic data generation tools to replace traditional anonymisation, effectively mitigating privacy risks and ensuring compliance.
“Security leaders must leverage technologies such as data security posture management (DSPM) to catalogue, monitor, and govern both structured and unstructured data,” said Olyaei. “Reallocating resources and budgets to fortify data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.”
Trend 2: Extend the Value of Security Behaviour and Culture Programmes
Security behaviour and culture programmes (SBCPs) have reached a point of inflection for most organisations.
By focusing on cultural and behaviour-driven activities, organisations are embedding security into their culture and addressing cyber-risk awareness and responsibility at the human level.
This trend is gaining traction as organisations increasingly recognise that human behaviour is crucial to cybersecurity, with GenAI significantly influencing this shift. Gartner predicts that by 2026, enterprises that integrate GenAI with a platform-based architecture in their SBCPs will experience 40% fewer employee-driven cybersecurity incidents.
“Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organisation’s security initiatives,” said Olyaei. “These programmes not only ensure compliance with global regulations mandating employee training and awareness, but also cultivate a resilient security culture that can adapt to future regulatory changes.”
