NEWSLETTER

SIGN-UP

CYBERSECURITY OPERATIONS CYBER RISK

Breaking cybersecurity news, news analysis, commentary, and other

content from around the world, with an initial focus on the Middle
East & Africa.

Middle East & Africa CISOs Plan to Increase

2024 Budgets by 10%
New data shows higher-than-expected cybersecurity growth in the Middle East,
Turkey, and Africa region, thanks to AI and other factors.
Robert Lemos, Contributing Writer 4 Min Read
February 13, 2024
 NEWSLETTER
SIGN-UP

SOURCE: CG ALEX VIA SHUTTERSTOCK

Geopolitical threats, security uncertainty surrounding generative AI, and

increasing data-protection regulations across the Middle East, Turkey,
and Africa will propel cybersecurity spending to more than $6.5 billion in
2024 — surpassing previous investment estimates.
The market forecast, part of IDC's overall information and
communications technology (ICT) insights for the region, suggests that
the cybersecurity market will continue to grow quickly in the Middle East,
Turkey, and Africa (META) region. In fact, more than three-quarters of
CISOs in the region are planning to increase budgets by at least 10% this
year, IDC found.
 NEWSLETTER
SIGN-UP
This strong growth in part is driven by companies facing more
cybercrime and regulatory enforcement, requiring them to increase
spending on cybersecurity products and services, says Yotasha Thaver,
a research analyst for IT security data at IDC South Africa and META.
"The increase in successful cybercrimes has driven demand for
consulting services in non-core countries where awareness is not as high
compared to the core countries," she says. "There is also a push coming
from governments — particularly in the Middle East — for improved
cybersecurity."

IDC divides the region's countries into "core," which spend significantly
on technology and cybersecurity, and "non-core" countries, which are on
a slower growth curve. Both the Kingdom of Saudi Arabia and the United
Arab Emirates (UAE), for example, are core countries and are ranked in
the top-10 countries worldwide on the Global Cybersecurity Index, a
five-year census of nations' efforts to secure their networks and
technologies.

IDC uses local market data, surveys, and more than 130 analysts across
the region to calculate its estimates of market size and growth.
Governments, Private Sector Investing in
Cybersecurity
While the Middle East, Turkey, and Africa account for a small fraction of
the worldwide cybersecurity market — which IDC forecasted would
reach $219 billion in 2023 — these regions are investing at about the
same rate in their market as companies in North AmericaNEWSLETTER
and Europe.
SIGN-UP
Yet the improvements are uneven, Thaver says. "Countries with improved
security posture have higher demand for security services, such as
managed security services and integration services, compared with
other countries," she says. "With the exception of core countries, I would
say that GCC countries" — that is, countries in the Gulf Cooperation
Council, or Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the UAE —
"are improving cybersecurity posture at a faster rate than African
countries."

Yet companies in the Middle East still have a ways to go. More than half
of Middle East firms (51%) cite a lack of funding as their main challenge
in managing cybersecurity, compared with 36% globally, according to
consulting firm Deloitte's "Middle East Future of Cyber" report.
The entire region must contend with the rapidly changing environment as
well, from the impetus to incorporate AI into their business operations to
increasing attacks connected with geopolitical events, says Shilpi Handa,
associate research director, META, for IDC.
"The uncertainty around generative-AI-related threats, increases in
budgets, and a huge regulatory ramp-up — like in the Kingdom of Saudi
Arabia, Jordan, and United Arab Emirates — especially around data
privacy and AI guidelines" are driving the increase, she says. "And most
importantly, geopolitical stress is leading to an increase in cyber
budgets, especially in organizations with critical infrastructure."

Targeted Attacks Common

The forecasted growth in the cybersecurity market comes as local CISOs
NEWSLETTER
worry that their cloud security may be lacking, with around 70% of firms
SIGN-UP
concerned over cloud security. Targeted attacks by state actors are
common in the Middle East, with about 40% of cyber attacks carried out
by APT groups, according to a report on the regional threats by
cybersecurity firm Positive Technologies published last year. More than
half of all threats targeted government agencies, industrial systems, or
mass media, with remote access Trojans (RATs) and spyware the most
common types of malware.
While ransomware is less common, the rise of wipers — resembling
ransomware's destructive capabilities — is a trend in the Middle East, the
report stated.
"A regional feature of the Middle East is the use of wipers by malicious
actors in attacks using malware," the report stated. "When this malware
infects a device, it erases all user and system files, causing the device to
crash. A particularly dangerous scenario is when wipers infect ICS
equipment, since its failure can lead to disruptions in the technological
process and even to emergency situations."
Overall, organizations in both the Middle East and Africa regions tend to
efficiently allocate their cybersecurity budgets, and they lead their peers
in cybersecurity. However, with the exception of Saudi Arabia and the
UAE, most countries lag behind their global peers in cybersecurity
maturity.
Read more about:
DR Global Middle East & Africa