Regional enterprise security and risk management spending to grow by 11%

According to a recent forecast by Gartner, MENA enterprise information security and risk management spending will total US$1.7 billion in 2020, an increase of 10.7% from 2019.

“The double-digit growth is a reflection of how organizations in MENA region are coming up to speed with their global counterparts in adopting information security and risk management solutions,” said Sam Olyaei, research director at Gartner. “More importantly, an evolving threat landscape and the advent of digital transformation is forcing local security and risk leaders to re-evaluate their spending priorities.”

Security services and network security continue to be the top two security and risk management spending priorities for CISOs in MENA. Both segments will account for 66% of total security and risk management spending in 2020 (see Table 1).

(Table 1) Enterprise Information Security and Risk Management End User Spending by Segment, MENA, 2019-2021 (Millions of U.S. Dollars)

Segment 2019 2020 2021
Application Security 40 44 48
Cloud Security 8 15 26
Data Security 57 72 92
Identity Access Management 146 161 178
Infrastructure Protection 227 255 285
Integrated Risk Management 30 33 36
Network Security 315 341 368
Other Information Security Software 27 28 30
Security Services 755 828 902
Total 1,604 1,776 1,965

Managed Security Services includes services that involve security processes such as monitoring, detection, and response. “We continue to see a pervasive shortage of talent in the region, especially as it relates to tactical functions, and this has pushed leaders to leverage managed security service providers (MSSPs) and other consultants to manage their operational capabilities,” said Olyaei.

Despite smaller levels of spending, cloud security and data security will continue to remain the fastest growing segments for enterprise security and risk management spending. A shift to a cloud-first strategy remains a priority in MENA, especially as major cloud service providers set up shop in the region. Additionally, The Data Protection Law (DPL) implemented in Bahrain in April 2019 and the possibility of United Arab Emirates (UAE) to deploy strict data privacy rules by the end of 2020 have compelled MENA organizations to rethink their data security framework to continue doing business in the region. As a result, Gartner predicts that by 2020, investment in data security will total US$72 million, an increase of 26% year over year.

The growing spending in security and risk management also showed that it has become a boardroom priority locally. CISOs in MENA are seeking to improve their communication with the board of directors who have more visibility on security, threats and vulnerabilities than ever. “Simply put, executives are beginning to realize the true business impact of cybersecurity,” said Olyaei. “It is no longer a matter of if, but when and executives are demanding that their leaders continue to facilitate business outcomes”