Middle East & Africa CISOs Plan to Increase 2024 Budgets by 10%

Geopolitical threats, security uncertainty surrounding generative AI, and increasing data-protection regulations across the Middle East, Turkey, and Africa will propel cybersecurity spending to more than $6.5 billion in 2024 — surpassing previous investment estimates.

The market forecast, part of IDC's overall information and communications technology (ICT) insights for the region, suggests that the cybersecurity market will continue to grow quickly in the Middle East, Turkey, and Africa (META) region. In fact, more than three-quarters of CISOs in the region are planning to increase budgets by at least 10% this year, IDC found. 

This strong growth in part is driven by companies facing more cybercrime and regulatory enforcement, requiring them to increase spending on cybersecurity products and services, says Yotasha Thaver, a research analyst for IT security data at IDC South Africa and META.

"The increase in successful cybercrimes has driven demand for consulting services in non-core countries where awareness is not as high compared to the core countries," she says. "There is also a push coming from governments — particularly in the Middle East — for improved cybersecurity."

IDC divides the region's countries into "core," which spend significantly on technology and cybersecurity, and "non-core" countries, which are on a slower growth curve. Both the Kingdom of Saudi Arabia and the United Arab Emirates (UAE), for example, are core countries and are ranked in the top-10 countries worldwide on the Global Cybersecurity Index, a five-year census of nations' efforts to secure their networks and technologies. 

IDC uses local market data, surveys, and more than 130 analysts across the region to calculate its estimates of market size and growth.

Governments, Private Sector Investing in Cybersecurity

While the Middle East, Turkey, and Africa account for a small fraction of the worldwide cybersecurity market — which IDC forecasted would reach $219 billion in 2023 — these regions are investing at about the same rate in their market as companies in North America and Europe. 

Yet the improvements are uneven, Thaver says. "Countries with improved security posture have higher demand for security services, such as managed security services and integration services, compared with other countries," she says. "With the exception of core countries, I would say that GCC countries" — that is, countries in the Gulf Cooperation Council, or Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the UAE — "are improving cybersecurity posture at a faster rate than African countries."

Yet companies in the Middle East still have a ways to go. More than half of Middle East firms (51%) cite a lack of funding as their main challenge in managing cybersecurity, compared with 36% globally, according to consulting firm Deloitte's "Middle East Future of Cyber" report. 

The entire region must contend with the rapidly changing environment as well, from the impetus to incorporate AI into their business operations to increasing attacks connected with geopolitical events, says Shilpi Handa, associate research director, META, for IDC.

"The uncertainty around generative-AI-related threats, increases in budgets, and a huge regulatory ramp-up — like in the Kingdom of Saudi Arabia, Jordan, and United Arab Emirates — especially around data privacy and AI guidelines" are driving the increase, she says. "And most importantly, geopolitical stress is leading to an increase in cyber budgets, especially in organizations with critical infrastructure."

Targeted Attacks Common

The forecasted growth in the cybersecurity market comes as local CISOs worry that their cloud security may be lacking, with around 70% of firms concerned over cloud security. Targeted attacks by state actors are common in the Middle East, with about 40% of cyber attacks carried out by APT groups, according to a report on the regional threats by cybersecurity firm Positive Technologies published last year. More than half of all threats targeted government agencies, industrial systems, or mass media, with remote access Trojans (RATs) and spyware the most common types of malware. 

While ransomware is less common, the rise of wipers — resembling ransomware's destructive capabilities — is a trend in the Middle East, the report stated. 

"A regional feature of the Middle East is the use of wipers by malicious actors in attacks using malware," the report stated. "When this malware infects a device, it erases all user and system files, causing the device to crash. A particularly dangerous scenario is when wipers infect ICS equipment, since its failure can lead to disruptions in the technological process and even to emergency situations."

Overall, organizations in both the Middle East and Africa regions tend to efficiently allocate their cybersecurity budgets, and they lead their peers in cybersecurity. However, with the exception of Saudi Arabia and the UAE, most countries lag behind their global peers in cybersecurity maturity.