More than half of cybersecurity leaders in the Middle East cite a lack of funding as the top challenge in doing their jobs.

According to new research from Deloitte, some 51% of respondents cited the lack of funding, compared to 36% of security leaders worldwide.

That said, cybersecurity spending in the Middle East and Africa is set to top $238 billion in 2024, according to Gartner — a huge rise from a projected $2.6 billion in 2022 — in light of increased attacks against targets in the regions.

Guy Rosenthal, vice president of product at DoControl, says that is evidence of the focus and concern about cybersecurity in markets such as the Middle East.

"It's very common even in markets like Europe and Eastern Asia for organizations to prioritize cybersecurity only after they reach a certain size," he says. "Now that organizations in the Middle East are gaining attention from threat actors, they have to up their game — and therefore their spending on cybersecurity."

Easier to Start Fresh

Spending on cybersecurity varies from organization to organization, Rosenthal says, but ramping up a cybersecurity program is easier nowadays, and without the the technical debt of long-standing cyber programs.

"[These security leaders] are free to explore and embrace new innovations like enterprise browsers to solve multiple problems like secure Web gateway, zero trust, etc. instead of embracing complex — and at times expensive — secure access service edge implementations," he says. "There are pros and cons to starting fresh, and the pros, like being able to nimbly embrace innovation, are often overlooked."

Jose Seara, CEO and founder at DeNexus, says adoption of tools built on automation and artificial intelligence can be easier and faster to deploy, as well as more effective in detecting new generations of cyber threats.

"With evidence-based data showing where their business and infrastructures are most vulnerable, what types of cyberattacks have the highest probability, and what's the potential return of risk mitigation strategies, [organizations] can optimize their cybersecurity budget to address the most acute cybersecurity weaknesses," Seara says.

Cyber Training Is Crucial

Nearly 70% of respondents in the Deloitte report say training and certification programs are key to engaging, retaining, and developing cybersecurity talent.

Tariq Ajmal, cyber leader at Deloitte Middle East, says training programs and certifications are available in the Middle East, especially with the prominence of the English language in the region's business ecosystem — particularly in cybersecurity.

"Organizations across the region need to ensure their people get the opportunity to upskill themselves and evolve to keep up with the continuously changing landscape," Ajmal says. "This demonstrates the importance of raising awareness among organizations about the need for real investment in this space as cyber continues to get deeper into every sector and industry."