Gobal cybersecurity spending is expected to reach $213 billion by year's end, according to Gartner – a 10.4% increase on 2024 budgets.
New stats from the consultancy show spending will surge well beyond the 2024 figure of $193 billion - and the trend shows no sign of slowing down.
In 2026, Gartner estimates spending to increase by 12%, totaling $240 billion, while end-user spending in the UK specifically is expected to skyrocket 30% to $13.3 billion.
Speaking to ITPro, Ruggero Contu, senior director analyst at Gartner, said this spending surge is being driven by a confluence of issues, including rising cyber criminal threats, compliance-related considerations, and the emergence of AI.
Spending on security software, for example, is an area where there is a huge enterprise appetite, with spending between 2024 and 2026 increasing from around $95 billion to $121 billion.
A key factor behind this increase, Contu noted, is a concerted enterprise effort to shore up cloud security capabilities, particularly in relation to AI workloads.
This isn’t a one-size-fits-all situation, however, and he explained that spending habits will differ based on both the maturity of the organization and where it lies along its own cloud journey.
“If you look at the different segments that compose this broad category, there is a need to apply security to different stages of cloud adoption,” he told ITPro.
“From the development of applications within cloud environments, the security of workloads stored, handled in cloud environments, and testing of third party applications.”
“Now with AI, they need to secure AI-specific configurations and runtime requirements. So we do expect this segment to continue to grow in the next couple of years as a result of this.”
Skills gaps drive security services spending
Security services spending has increased consistently in recent years – from $77 billion in 2024 to an estimated $92.7 billion by 2026. Contu told ITPro this encompasses a broad range including managed services and third-party vendor support.
A major driver of enterprise spending on this front lies in the combination of rising cybersecurity risks and continued skills gaps, with organizations turning to managed services to compensate for a lack of in-house talent.
Indeed, a recent study from CyberSmart shows organizations are relying more than ever on MSPs
“One of the major drivers for security services is the skills gap,” he said. “This is obviously not a new problem. It’s an issue that enterprises across the group have been facing – having the skills and resources within cybersecurity that matches increasing requirements.
“So obviously relying on a managed security provider, or even more so a managed detection and response provider, can help fill that gap.”
Engagement with managed providers spans a range of organizations, Contu added, and isn’t necessarily limited to those that don’t have mature cybersecurity practices.
Those with a higher level of capability often require specific skills that are hard to come by.
As an example, Contu said that one area the consultancy expects to see increasing growth is the area of "cyber-physical systems security” – mainly operational technology (OT).
“That’s a challenging area,” he said. “Particularly because it needs knowledge of both security and industrial infrastructure and the requirement to apply security to that world.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Kaseya targets new growth with double C-suite appointmentNews Anthony Anzevino joins the security vendor as chief revenue officer, while Pratik Wadher takes the role of chief technology officer
-
Kids hacking for kicks are causing security headaches at schools
News More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’News Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which severely disrupted production.
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countriesNews The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacksNews Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.
