Geopolitical threats, security uncertainty surrounding generative AI, and increasing data protection regulations in the Middle East, Turkey, and Africa will push cybersecurity spending to more than $6.5 billion in 2024, surpassing previous investment estimates.
The market forecast, part of IDC’s overall information and communications technology (ICT) insights for the region, suggests that the cybersecurity market will continue to grow rapidly in the Middle East, Turkey and Africa region ( HALF). In fact, according to IDC, more than three-quarters of CISOs in the region are planning to increase budgets by at least 10% this year.
This strong growth is partly driven by companies facing increased cybercrime and regulatory enforcement, requiring them to increase spending on cybersecurity products and services, says Yotasha Thaver, research analyst for Data on IT security at IDC South Africa and META.
“The increase in successful cyber crimes has driven demand for counseling services in non-core countries, where awareness is not as high compared to core countries,” he says. “There is also a push from governments, particularly in the Middle East, to improve cybersecurity.”
IDC divides countries in the region into “core” countries, which spend significantly on technology and cybersecurity, and “non-core” countries, which are on a slower growth curve. Both the Kingdom of Saudi Arabia and the United Arab Emirates (UAE), for example, are key countries and are ranked among the top 10 countries in the world in the Global Cybersecurity Indexa five-year census of nations’ efforts to protect their networks and technologies.
IDC uses local market data, surveys and more than 130 analysts across the region calculate its estimates of market size and growth.
Governments and the private sector are investing in cybersecurity
While the Middle East, Turkey and Africa represent a small part of the global cybersecurity market, which IDC forecasts it will reach $219 billion in 2023 — these regions invest in their market at about the same rate as companies in North America and Europe.
However, the improvements are not uniform, Thaver says. “Countries with a better security record have a higher demand for security services, such as managed security services and integration services, than other countries,” she says. “With the exception of the major countries, I would say that the GCC countries” – that is, the Gulf Cooperation Council countries, or Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates – “are improving the security posture computing at a faster rate than African countries.”
Yet Middle Eastern businesses still have a long way to go. According to a survey, more than half of Middle Eastern companies (51%) cite lack of funding as the top challenge in managing cybersecurity, compared to 36% globally. the “Middle East Future of Cyber” report by the consultancy firm Deloitte.
The entire region is also grappling with a rapidly evolving environment, from the push to incorporate AI into its business operations to growing attacks tied to geopolitical events, says Shilpi Handa, associate director of research, META, for IDC .
“Uncertainty around threats related to generative AI, increasing budgets and huge regulatory increases – such as in the Kingdom of Saudi Arabia, Jordan and the United Arab Emirates – particularly around data privacy and intelligence guidelines artificial” are driving the increase, she says. “And most importantly, geopolitical stress is leading to increased IT budgets, especially in organizations with critical infrastructure.”
Targeted attacks Common
The expected growth in the cybersecurity market comes as local CISOs fear their cloud security may be lacking around 70% of companies are concerned about cloud security. Targeted attacks by state actors are common in the Middle East, with around 40% of cyberattacks carried out by APT groups, according to a regional threat report from cybersecurity firm Positive Technologies published last year. More than half of all threats targeted government agencies, industrial systems or mass media, with remote access trojans (RATs) and spyware the most common malware types.
While ransomware is less common, the rise of wipers, reminiscent of ransomware’s destructive capabilities, is a trend in the Middle East, the report said.
“A regional feature of the Middle East is the use of wipers by attackers in attacks using malware,” the report states. “When this malware infects a device, it deletes all user and system files, causing the device to crash. A particularly dangerous scenario is when windshield wipers infect ICS equipment, since their failure can lead to disruptions in the technological process and even to emergency situations.”
Overall, organizations in both the Middle East and Africa they tend to allocate their cybersecurity budgets efficientlyand are at the forefront of cybersecurity. However, with the exception of Saudi Arabia and the United Arab Emirates, most countries lag behind their global competitors in terms of cybersecurity maturity.