Cybersecurity investment is set to leap forward in Middle East and North Africa (MENA).
Gartner says spending on information security technology and services in MENA is on pace to exceed US$1.8 billion in 2017, representing an 11 percent increase from 2016.
In line with global trends, security services will continue to be the fastest growing segment – particularly IT outsourcing, consulting and implementation services.
Gartner says the growth for security services will be driven by ongoing skills shortages in the information security domain as well as increased awareness of threats.
The oil and gas industry is critical to many local economies in MENA and Gartner asserts the converging of operational technology (OT), Internet of Things (IoT), and IT is pushing many organisations to start considering how to handle the potential new security vulnerabilities created.
This is fuelling interest to invest in security products and services in an attempt to mitigate these new risks that traditional information security practices are not accustomed to.
Gartner says this rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape is undoubtedly having a positive impact on the industry, including continued spending on security prouducts and services, not to mention increased accountability at the board level when it comes to security implications making metrics and executive communication a hot topic for leaders today.
At the recent Gartner Security and Risk Management Summit, Gartner’s senior research analyst Sam Olyaei provided the latest outlook for the information security industry where he affirmed improving security is not just about spending on new technologies – as illustrated in the recent spate of global security incidents, doing the basics right has never been more important.
“Organisations can improve their security posture significantly just by addressing basic security and risk related hygiene processes like patch management, regular and scalable vulnerability scanning, centralised log management, internal network segmentation, backups and system hardening. Do not buy a tool just because a tool exists, invest in people and process to maintain and operate these tools," says Olyaei.
"The region is also fixated on check box compliance – a hallmark of immaturity when it comes to security. In essence there is a false sense of security in the GCC. Digital business is transforming the region and it is all about managing risk; managing risk is about understanding the major perils a business will face, and prioritising controls and investments in security to achieve business outcomes."