Gobal cybersecurity spending is expected to reach $213 billion by year's end, according to Gartner – a 10.4% increase on 2024 budgets.
New stats from the consultancy show spending will surge well beyond the 2024 figure of $193 billion - and the trend shows no sign of slowing down.
In 2026, Gartner estimates spending to increase by 12%, totaling $240 billion, while end-user spending in the UK specifically is expected to skyrocket 30% to $13.3 billion.
Speaking to ITPro, Ruggero Contu, senior director analyst at Gartner, said this spending surge is being driven by a confluence of issues, including rising cyber criminal threats, compliance-related considerations, and the emergence of AI.
Spending on security software, for example, is an area where there is a huge enterprise appetite, with spending between 2024 and 2026 increasing from around $95 billion to $121 billion.
A key factor behind this increase, Contu noted, is a concerted enterprise effort to shore up cloud security capabilities, particularly in relation to AI workloads.
This isn’t a one-size-fits-all situation, however, and he explained that spending habits will differ based on both the maturity of the organization and where it lies along its own cloud journey.
“If you look at the different segments that compose this broad category, there is a need to apply security to different stages of cloud adoption,” he told ITPro.
“From the development of applications within cloud environments, the security of workloads stored, handled in cloud environments, and testing of third party applications.”
“Now with AI, they need to secure AI-specific configurations and runtime requirements. So we do expect this segment to continue to grow in the next couple of years as a result of this.”
Skills gaps drive security services spending
Security services spending has increased consistently in recent years – from $77 billion in 2024 to an estimated $92.7 billion by 2026. Contu told ITPro this encompasses a broad range including managed services and third-party vendor support.
A major driver of enterprise spending on this front lies in the combination of rising cybersecurity risks and continued skills gaps, with organizations turning to managed services to compensate for a lack of in-house talent.
Indeed, a recent study from CyberSmart shows organizations are relying more than ever on MSPs
“One of the major drivers for security services is the skills gap,” he said. “This is obviously not a new problem. It’s an issue that enterprises across the group have been facing – having the skills and resources within cybersecurity that matches increasing requirements.
“So obviously relying on a managed security provider, or even more so a managed detection and response provider, can help fill that gap.”
Engagement with managed providers spans a range of organizations, Contu added, and isn’t necessarily limited to those that don’t have mature cybersecurity practices.
Those with a higher level of capability often require specific skills that are hard to come by.
As an example, Contu said that one area the consultancy expects to see increasing growth is the area of "cyber-physical systems security” – mainly operational technology (OT).
“That’s a challenging area,” he said. “Particularly because it needs knowledge of both security and industrial infrastructure and the requirement to apply security to that world.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
