Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025. As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.
– Shailendra Upadhyay, Sr Principal, Gartner
Gartner analysts are exploring ways in which security and risk management leaders can enhance their cybersecurity strategies at the Gartner Security & Risk Management Summit , taking place here through April 8, 2025.
Spending on security services is projected to grow 16.6% in 2025, representing the highest growth among all segments, driven by factors such as cost efficiency, skill shortages, and access to advanced tools and technology.
The challenge of sourcing staff with specialized skills for threat hunting and intelligence in advanced security operations is considerable. Managed services – a subset of security services, including managed detection and response (MDR) – offer solutions to bridge this skill gap. As a result, organizations are investing more in security services, driving growth in this segment.
– Shailendra Upadhyay, Sr Principal, Gartner
Security software spending is projected to account for nearly 45% of total information security spending in MENA, maintaining its position as the largest category for end-user spending in 2025, driven by an expanding threat landscape and increased adoption of cloud technologies.
MENA CIOs are boosting their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation, thereby intensifying their focus and spending on sub-segments, such as infrastructure protection, identity access management, and cloud security.
– Shailendra Upadhyay, Sr Principal, Gartner
Top Cybersecurity Trends to Prioritize in 2025
As AI becomes integral to mainstream operations, organizations must acknowledge both the opportunities for enhanced resilience and the potential threats. Gartner predicts that by 2027, 60% of organizations will fail to embrace organizational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyberthreats by taking a collaborative approach to resilience planning.
– Sam Olyaei, Vice President, Gartner
To deliver a sustainable cybersecurity program, security leaders in MENA must prioritize two key cybersecurity trends:
Trend 1: GenAI is Driving Data Security Programs
The rise of GenAI is shifting focus to unstructured data security and preference for synthetic data over obfuscated data in training.
Gartner recommends that organizations invest in synthetic data generation tools to replace traditional anonymization, effectively mitigating privacy risks and ensuring compliance.
Security leaders must leverage technologies such as data security posture management (DSPM) to catalog, monitor, and govern both structured and unstructured data. Reallocating resources and budgets to fortify data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.
– Sam Olyaei, Vice President, Gartner
Trend 2: Extend the Value of Security Behavior and Culture Programs
Security behavior and culture programs (SBCPs) have reached a point of inflection for most organizations.
By focusing on cultural and behavior-driven activities, organizations are embedding security into their culture, addressing cyber-risk awareness and responsibility at the human level.
This trend is gaining traction as organizations increasingly recognize that human behavior is crucial to cybersecurity, with GenAI significantly influencing this shift. Gartner predicts that by 2026, enterprises that integrate GenAI with a platforms-based architecture in their SBCPs will experience 40% fewer employee-driven cybersecurity incidents.
Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organization’s security initiatives. These programs not only ensure compliance with global regulations mandating employee training and awareness but also cultivate a resilient security culture that can adapt to future regulatory changes.
– Sam Olyaei, Vice President, Gartner
