Driven by an ever-escalating number of high-profile cyber attacks and other emerging risks, worldwide spending on cyber security products and services by end-user organisations continues to rise, and looks set to surpass $200bn (£150bn) during 2025, according to Gartner.
Throughout the forecast period, the expanding use of artificial intelligence (AI) and generative AI (GenAI) by both internal users and threat actors will be key growth drivers as total information security spend rises from $193.5bn in 2024 to $213bn this year, said the research house’s analysts.
By a comparatively small margin, this surpasses Gartner’s previous forecast from August 2024, which pointed to a high of $212bn. However, it represents a percentage increase of roughly 10%, which compared with last year’s forecasts is a fairly significant slowdown.
Nevertheless, growth looks set to continue into 2026, with Gartner now predicting spending will increase by around 12.5% next year, hitting about $240bn all told.
However, Ruggero Contu, senior director analyst at Gartner, said the headline figures did not necessarily tell the whole story.
“Established security spending will continue as normal, but some organisations are being more cautious with any new security spending in this highly uncertain and challenging climate,” he said.
“Higher defence budgets, rising threats, increasing regulatory pressure and better cyber security awareness – especially among small and medium-sized businesses – will keep cyber security spending strong in the medium to long term.”
Gartner breaks out its spending forecast into three core categories – network security, security services and security software.
Its analysts found that security software will account for the lion’s share of short-term future growth – rising from $95bn in 2024 to $106bn this year, then heading to $121bn in 2026.
This growth is largely thanks to the transition from on-premise to cloud-based systems, which – as has been well established over the years – increases user exposure to certain cyber risks.
The main drivers powering growth in the security software segment will most likely be cloud security posture management and cloud access security broker (CASB) services.
Gartner predicted that the network security segment will go from $21.3bn in 2024 to $23.3bn in 2025, before heading to $25.9bn in 2026. Meanwhile, end-user spending on cyber security services will go from $77.1bn in 2024 to $106bn this year, then $121.1bn in 2026.
Attendees at Gartner’s annual Security and Risk Management Summit in London – which takes place from 22 to 24 September – can learn more about the research at the event, while the organisation’s clients can download the full report here.
Security draining IT budgets
Separately, SolarWinds’ annual IT trends report, also published this week, has revealed that IT security teams in the UK are investing heavily in operational resilience, with almost two-thirds of British respondents reporting that up to 30% of their total tech budgets are now devoted to his matter.
Across Europe as a whole, SolarWinds reported that 69% of buyers are upgrading their cyber tools, training and playbooks to improve their recovery and response processes should, or more accurately when, the worst occurs.
The SolarWinds study highlighted a worrying gap between how many IT leaders considered their organisations resilient, and the reality on the ground. In the UK specifically, it found that 44% consider their organisations resilient and 52% would say they were very resilient, and yet 32% spend over a quarter of their working month trying to resolve security issues and service disruptions.
“Teams are dedicating real budget and effort to resilience, but many remain trapped in reactive mode,” said Sascha Giese, tech evangelist at SolarWinds.
“Technology alone cannot solve problems – it needs people with the knowledge and expertise, plus investment, to be able to succeed. Organisations must adopt new ways of working in order to shift from firefighting to innovation, without compromising reliability.”
