Information security spending by Middle East and North Africa (MENA) enterprises is projected to total $3,3-billion in 2025, an increase of 14% from 2024, according to the latest forecast from Gartner.
Security software will remain the largest spending category in MENA, forecast to reach nearly $1,5-billion in 2025.
“Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025,” says Shailendra Upadhyay, senior principal at Gartner.
“As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.”
Spending on security services is projected to grow 16,6% in 2025, representing the highest growth among all segments, driven by factors such as cost efficiency, skill shortages, and access to advanced tools and technology.
Information Security End-User Spending for All Segments in MENA, 2024-2025 (Millions of US Dollars)
|
Segment |
2024 Spending |
2024
Growth (%) |
2025 Spending |
2025
Growth (%) |
| Network Security | 484 | 11.9 | 544 | 12.5 |
| Security Services | 1,099 | 18.2 | 1,281 | 16.6 |
| Security Software | 1,310 | 12.2 | 1,463 | 11.7 |
| Total | 2,893 | 14.3 | 3,289 | 13.7 |
Source: Gartner (April 2025)
“The challenge of sourcing staff with specialized skills for threat hunting and intelligence in advanced security operations is considerable,” says Upadhyay. “Managed services – a subset of security services, including managed detection and response (MDR) – offer solutions to bridge this skill gap. As a result, organisations are investing more in security services, driving growth in this segment.”
Security software spending is projected to account for nearly 45% of total information security spending in MENA, maintaining its position as the largest category for end-user spending in 2025, driven by an expanding threat landscape and increased adoption of cloud technologies.
“MENA CIOs are boosting their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation, thereby intensifying their focus and spending on sub-segments, such as infrastructure protection, identity access management, and cloud security,” says Upadhyay.
Trends to Prioritise in 2025
“As AI becomes integral to mainstream operations, organizations must acknowledge both the opportunities for enhanced resilience and the potential threats,” says Sam Olyaei, vice-president at Gartner. “Gartner predicts that by 2027, 60% of organizations will fail to embrace organizational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyberthreats by taking a collaborative approach to resilience planning.”
To deliver a sustainable cybersecurity program, security leaders in MENA must prioritise two key cybersecurity trends:
Trend 1: GenAI is Driving Data Security Programs
The rise of GenAI is shifting focus to unstructured data security and preference for synthetic data over obfuscated data in training.
Gartner recommends that organisations invest in synthetic data generation tools to replace traditional anonymization, effectively mitigating privacy risks and ensuring compliance.
“Security leaders must leverage technologies such as data security posture management (DSPM) to catalog, monitor, and govern both structured and unstructured data,” says Olyaei. “Reallocating resources and budgets to fortify data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.”
Trend 2: Extend the Value of Security Behaviour and Culture Programs
Security behavior and culture programs (SBCPs) have reached a point of inflection for most organizations.
By focusing on cultural and behaviour-driven activities, organisations are embedding security into their culture, addressing cyber-risk awareness and responsibility at the human level.
This trend is gaining traction as organisations increasingly recognise that human behavior is crucial to cybersecurity, with GenAI significantly influencing this shift. Gartner predicts that by 2026, enterprises that integrate GenAI with a platforms-based architecture in their SBCPs will experience 40% fewer employee-driven cybersecurity incidents.
“Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organisation’s security initiatives,” says Olyaei. “These programs not only ensure compliance with global regulations mandating employee training and awareness but also cultivate a resilient security culture that can adapt to future regulatory changes.”