Information security spending by Middle East and North Africa (MENA) enterprises is projected to total $3.3 billion in 2025, reflecting a robust increase of 14 percent from 2024, according to the latest forecast from Gartner, Inc. Security software is anticipated to remain the largest spending category in MENA, with projections indicating it will reach nearly $1.5 billion in 2025.
“Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025,” stated Shailendra Upadhyay, senior principal at Gartner.
“As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.”
Gartner analysts are exploring strategies for security and risk management leaders to refine their cybersecurity approaches at the Gartner Security & Risk Management Summit, currently ongoing.
Spending on security services to surge
Spending on security services is expected to grow by a 16.6 percent in 2025, marking the highest growth among all segments. This surge is fueled by factors such as cost efficiency, skill shortages, and access to advanced tools and technology.
“The challenge of sourcing staff with specialized skills for threat hunting and intelligence in advanced security operations is considerable,” remarked Upadhyay. “Managed services—a subset of security services that includes managed detection and response (MDR)—provide solutions to bridge this skill gap. Consequently, organizations are increasingly investing in security services, propelling growth in this segment.”
Dominance of security software spending
Security software spending is projected to account for nearly 45 percent of total information security spending in MENA, maintaining its status as the largest category for end-user spending in 2025. This trend is driven by an expanding threat landscape and the accelerated adoption of cloud technologies.
“MENA CIOs are enhancing their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation. This focus intensifies their spending on sub-segments such as infrastructure protection, identity access management, and cloud security,” noted Upadhyay.
Read more | IT spending forecast: Gartner predicts 6.8 percent growth worldwide in 2024
Top cybersecurity trends to prioritize in 2025
“As AI becomes integral to mainstream operations, organizations must acknowledge both the opportunities for enhanced resilience and the potential threats,” advised Sam Olyaei, vice president at Gartner. “Gartner predicts that by 2027, 60 percent of organizations will fail to embrace organizational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyber threats by adopting a collaborative approach to resilience planning.”
To establish a sustainable cybersecurity program, security leaders in MENA must prioritize two key cybersecurity trends:
Trend 1: GenAI is driving data security programs
The rise of GenAI is shifting focus toward unstructured data security and a preference for synthetic data over obfuscated data in training.
Gartner further recommends that organizations invest in synthetic data generation tools to replace traditional anonymization methods, effectively mitigating privacy risks and ensuring compliance.
“Security leaders must leverage technologies such as data security posture management (DSPM) to catalog, monitor, and govern both structured and unstructured data,” emphasized Olyaei. “Reallocating resources and budgets to strengthen data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.”
Trend 2: Extend the value of security behavior and culture programs
Security behavior and culture programs (SBCPs) have reached a critical juncture for most organizations. By concentrating on cultural and behavior-driven activities, organizations are embedding security into their culture, addressing cyber-risk awareness and responsibility at the individual level.
This trend is gaining momentum as organizations increasingly recognize that human behavior plays a vital role in cybersecurity, with GenAI significantly influencing this shift. Gartner also predicts that by 2026, enterprises that integrate GenAI with a platform-based architecture in their SBCPs will experience 40 percent fewer employee-driven cybersecurity incidents.
“Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organization’s security initiatives,” Olyaei remarked. “These programs not only ensure compliance with global regulations mandating employee training and awareness but also foster a resilient security culture that is adaptable to future regulatory changes.”
