Gobal cybersecurity spending is expected to reach $213 billion by year's end, according to Gartner – a 10.4% increase on 2024 budgets.
New stats from the consultancy show spending will surge well beyond the 2024 figure of $193 billion - and the trend shows no sign of slowing down.
In 2026, Gartner estimates spending to increase by 12%, totaling $240 billion, while end-user spending in the UK specifically is expected to skyrocket 30% to $13.3 billion.
Speaking to ITPro, Ruggero Contu, senior director analyst at Gartner, said this spending surge is being driven by a confluence of issues, including rising cyber criminal threats, compliance-related considerations, and the emergence of AI.
Spending on security software, for example, is an area where there is a huge enterprise appetite, with spending between 2024 and 2026 increasing from around $95 billion to $121 billion.
A key factor behind this increase, Contu noted, is a concerted enterprise effort to shore up cloud security capabilities, particularly in relation to AI workloads.
This isn’t a one-size-fits-all situation, however, and he explained that spending habits will differ based on both the maturity of the organization and where it lies along its own cloud journey.
“If you look at the different segments that compose this broad category, there is a need to apply security to different stages of cloud adoption,” he told ITPro.
“From the development of applications within cloud environments, the security of workloads stored, handled in cloud environments, and testing of third party applications.”
“Now with AI, they need to secure AI-specific configurations and runtime requirements. So we do expect this segment to continue to grow in the next couple of years as a result of this.”
Skills gaps drive security services spending
Security services spending has increased consistently in recent years – from $77 billion in 2024 to an estimated $92.7 billion by 2026. Contu told ITPro this encompasses a broad range including managed services and third-party vendor support.
A major driver of enterprise spending on this front lies in the combination of rising cybersecurity risks and continued skills gaps, with organizations turning to managed services to compensate for a lack of in-house talent.
Indeed, a recent study from CyberSmart shows organizations are relying more than ever on MSPs
“One of the major drivers for security services is the skills gap,” he said. “This is obviously not a new problem. It’s an issue that enterprises across the group have been facing – having the skills and resources within cybersecurity that matches increasing requirements.
“So obviously relying on a managed security provider, or even more so a managed detection and response provider, can help fill that gap.”
Engagement with managed providers spans a range of organizations, Contu added, and isn’t necessarily limited to those that don’t have mature cybersecurity practices.
Those with a higher level of capability often require specific skills that are hard to come by.
As an example, Contu said that one area the consultancy expects to see increasing growth is the area of "cyber-physical systems security” – mainly operational technology (OT).
“That’s a challenging area,” he said. “Particularly because it needs knowledge of both security and industrial infrastructure and the requirement to apply security to that world.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Salesforce just launched a new catch-all platform to build enterprise AI agentsNews Businesses will be able to build agents within Slack and manage them with natural language
-
Slack is now the key to Salesforce’s agentic AI plansNews Salesforce is bringing more agents into Slack, along with CRM and third-party data
-
Third time lucky? The FBI just took down BreachForums, againNews The hacking forum is down for now, but the group behind it, Scattered Lapsus$ Hunters, isn't going to stop extorting victims of the Salesforce breach
-
A malicious MCP server is silently stealing user emailsNews Koi Security says it's discovered the first malicious MCP server in the wild, exposing a risk to the entire ecosystem
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
