“The double-digit growth is a reflection of how organisations in MENA region are coming up to speed with their global counterparts in adopting information security and risk management solutions,” said Sam Olyaei, research director at Gartner. “More importantly, an evolving threat landscape and the advent of digital transformation is forcing local security and risk leaders to revaluate their spending priorities.”

Gartner analysts described how security and risk management leaders can advance their strategy in front of over 350 attendees at the Gartner Security & Risk Management Summit, which is took place on October 28-29 in Dubai, UAE.

Security services and network security continue to be the top two security and risk management spending priorities for CISOs in MENA. Both segments will account for 66% of total security and risk management spending in 2020 (see table above).

Managed Security Services includes services that involve security processes such as monitoring, detection, and response. “We continue to see a pervasive shortage of talent in the region, especially as it relates to tactical functions, and this has pushed leaders to leverage managed security service providers (MSSPs) and other consultants to manage their operational capabilities,” said Mr. Olyaei.

Despite smaller levels of spending, cloud security and data security will continue to remain the fastest growing segments for enterprise security and risk management spending. A shift to a cloud-first strategy remains a priority in MENA, especially as major cloud service providers set up shop in the region. Additionally, The Data Protection Law (DPL) implemented in Bahrain in April 2019 and the possibility of United Arab Emirates (UAE) to deploy strict data privacy rules by the end of 2020 have compelled MENA organisations to rethink their data security framework to continue doing business in the region. As a result, Gartner predicts that by 2020, investment in data security will total US$72 million, an increase of 26% year over year.

The growing spending in security and risk management also showed that it has become a boardroom priority locally. CISOs in MENA are seeking to improve their communication with the board of directors who have more visibility on security, threats and vulnerabilities than ever. “Simply put, executives are beginning to realise the true business impact of cyber security,” said Mr. Olyaei. “It is no longer a matter of if, but when and executives are demanding that their leaders continue to facilitate business outcomes”