Global cybersecurity spending is going to hit $213 billion in 2025 — here's what’s driving investment
Spending across major fronts comes in the wake of rising cloud security threats and growing skills gaps
Gobal cybersecurity spending is expected to reach $213 billion by year's end, according to Gartner – a 10.4% increase on 2024 budgets.
New stats from the consultancy show spending will surge well beyond the 2024 figure of $193 billion - and the trend shows no sign of slowing down.
In 2026, Gartner estimates spending to increase by 12%, totaling $240 billion, while end-user spending in the UK specifically is expected to skyrocket 30% to $13.3 billion.
Speaking to ITPro, Ruggero Contu, senior director analyst at Gartner, said this spending surge is being driven by a confluence of issues, including rising cyber criminal threats, compliance-related considerations, and the emergence of AI.
Spending on security software, for example, is an area where there is a huge enterprise appetite, with spending between 2024 and 2026 increasing from around $95 billion to $121 billion.
A key factor behind this increase, Contu noted, is a concerted enterprise effort to shore up cloud security capabilities, particularly in relation to AI workloads.
This isn’t a one-size-fits-all situation, however, and he explained that spending habits will differ based on both the maturity of the organization and where it lies along its own cloud journey.
“If you look at the different segments that compose this broad category, there is a need to apply security to different stages of cloud adoption,” he told ITPro.
“From the development of applications within cloud environments, the security of workloads stored, handled in cloud environments, and testing of third party applications.”
“Now with AI, they need to secure AI-specific configurations and runtime requirements. So we do expect this segment to continue to grow in the next couple of years as a result of this.”
Skills gaps drive security services spending
Security services spending has increased consistently in recent years – from $77 billion in 2024 to an estimated $92.7 billion by 2026. Contu told ITPro this encompasses a broad range including managed services and third-party vendor support.
A major driver of enterprise spending on this front lies in the combination of rising cybersecurity risks and continued skills gaps, with organizations turning to managed services to compensate for a lack of in-house talent.
Indeed, a recent study from CyberSmart shows organizations are relying more than ever on MSPs
“One of the major drivers for security services is the skills gap,” he said. “This is obviously not a new problem. It’s an issue that enterprises across the group have been facing – having the skills and resources within cybersecurity that matches increasing requirements.
“So obviously relying on a managed security provider, or even more so a managed detection and response provider, can help fill that gap.”
Engagement with managed providers spans a range of organizations, Contu added, and isn’t necessarily limited to those that don’t have mature cybersecurity practices.
Those with a higher level of capability often require specific skills that are hard to come by.
As an example, Contu said that one area the consultancy expects to see increasing growth is the area of "cyber-physical systems security” – mainly operational technology (OT).
“That’s a challenging area,” he said. “Particularly because it needs knowledge of both security and industrial infrastructure and the requirement to apply security to that world.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Microsoft unveils Maia 200 accelerator, claiming better performance per dollar than Amazon and GoogleNews The launch of Microsoft’s second-generation silicon solidifies its mission to scale AI workloads and directly control more of its infrastructure
-
Infosys expands Swiss footprint with new Zurich officeNews The firm has relocated its Swiss headquarters to support partners delivering AI-led digital transformation
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struckNews A single misconfiguration could have allowed attackers to inject malicious code to launch a platform-wide compromise
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
NHS supplier DXS International confirms cyber attack – here’s what we know so farNews The NHS supplier says front-line clinical services are unaffected
