Middle East and North Africa enterprise information security and risk management spending will total $1.7 billion in 2020, an increase of 10.7% from 2019, according to a recent forecast by Gartner. Security services and network security continue to be the top two security and risk management spending priorities for CISOs in MENA. Both segments will account for 66% of total security and risk management spending in 2020. Managed Security Services includes services that involve security processes such as monitoring, detection, and response.
Despite smaller levels of spending, cloud security and data security will continue to remain the fastest growing segments for enterprise security and risk management spending. A shift to a cloud-first strategy remains a priority in MENA, especially as major cloud service providers set up shop in the region.
Additionally, The Data Protection Law implemented in Bahrain in April 2019 and the possibility of United Arab Emirates to deploy strict data privacy rules by the end of 2020 have compelled MENA organisations to rethink their data security framework to continue doing business in the region. As a result, Gartner predicts that by 2020, investment in data security will total $72 million, an increase of 26% year over year.
The growing spending in security and risk management also showed that it has become a boardroom priority locally. CISOs in MENA are seeking to improve their communication with the board of directors who have more visibility on security, threats and vulnerabilities than ever.
“The double-digit growth is a reflection of how organisations in MENA region are coming up to speed with their global counterparts in adopting information security and risk management solutions,” said Sam Olyaei, Research Director at Gartner. “More importantly, an evolving threat landscape and the advent of digital transformation is forcing local security and risk leaders to re-evaluate their spending priorities.”
“We continue to see a pervasive shortage of talent in the region, especially as it relates to tactical functions, and this has pushed leaders to leverage managed security service providers and other consultants to manage their operational capabilities. Simply put, executives are beginning to realise the true business impact of cybersecurity. It is no longer a matter of if, but when and executives are demanding that their leaders continue to facilitate business outcomes.”
Key takeaways
- 68% of digital organisations have a cybersecurity expert on staff, but remain incapable of managing digital risk.
- Artificial intelligence and machine language are gaining traction, but are still not mature.
- As virtual and physical worlds merge into something new in the digital world, digital security issues can now have physical consequences, such as risks to buildings, mines or pipelines, and also medical devices.
- Concerns about cyber risks are one of the main inhibitors to progress with digital business initiatives.
- Create formal and defensible programmes.
- Organisations in the Middle East had the largest average number of breached records and the highest days to identify and contain the data breach.
- Organisations will need to think differently about recruitment and retention.
- Privacy and geopolitical concerns are coming the fore.
- Security services are proving extremely popular due to lack of in-house skills.
- Stop buying technologies and using consultants, they do not save you from regulatory compliance, board requests, breach response.
- There is increased awareness at the Board level, with the need for business value.
- There is shift from traditional software licensing to as a service licensing.
- There will be broad, global shortage of skilled security professionals.
- Traditional cybersecurity teams are not prepared to address new cybersecurity risks that digital business initiatives introduce.