- Cyber security spending in Kenya is still low with half of state entities exposed to malicious attackers.
- Cyber Security Spending is projected to reach $8.4 billion in 2027.
- Banks will account for 85.6% of the financial services sector’s total spending on security products.
The increasing online threats to businesses across the region will see companies and government increase their cyber security spending to excess of $6.2 billion this year, new industry insights have shown.
Spending on security products and services in the Middle East and Africa (MEA), excluding Israel, will grow 10.3 per cent in 2024, reaching $6.2 billion, according to the latest Worldwide Security Spending Guide from International Data Corporation (IDC).
The firm’s newly released forecast indicates that this figure will reach $8.4 billion in 2027, representing a compound annual growth rate (CAGR) of 12.0per cent over the 2023–2027 forecast period. Security software will account for the majority of the overall security spending in the region.
The region’s intensifying threat landscape and spike in cybercrime, alongside greater cybersecurity awareness and the need to ensure regulatory compliance, will drive strong demand for software solutions, resulting in software being the fastest growing technology group for the year.
Read also: Kenya records over 1.2 billion cyber threats in three months
Organisations embracing could under digital-first mindset
IDC research analyst for software and cybersecurity Yotasha Thaver, says that across the MEA region, there has been a huge shift away from legacy infrastructure, with organizations increasingly embracing a digital-first mindset, particularly with regard to cloud adoption.
“Such initiatives have expanded the threat surface of organizations within the region, leading to a surge in cybercrime such as phishing, DDoS attacks, data leakage, and social engineering. At the same time, cybersecurity awareness has increased considerably, as has the need to ensure regulatory compliance and improve the security posture of organizations,” said Thaver.
He adds that the MEA region is seeing a rapid expansion of cybersecurity initiatives and will therefore see huge growth over the next few years; however, with budget constraints persisting, the cost of security solutions remains a key area of concern.
From a vertical perspective, the financial services and government sectors will be the MEA region’s biggest spenders on security products and services in 2024, together accounting for nearly a third of the market’s value. They will remain the largest security spenders through 2027.
Sectors set for high cyber security spending
Banks will account for 85.6 per cent of the financial services sector’s total spending on security products and services this year due to the proliferation of targeted attacks and the sensitive nature of their business.
Report says government organizations in the region are prioritizing cybersecurity. Stricter compliance regulations are being introduced across the region, with major initiatives underway in Saudi Arabia and the UAE.
Accordingly, the sector is expected to spend more on services, particularly integration services and managed security services. There will also be significant investments in endpoint security software and network security software across both the government and financial services sectors.
The telecommunications industry, which is heavily focused on endpoint security, network security appliances, and managed security services, will be the third-largest contributor to overall security spending in the region in 2024.
IDC’s Worldwide Security Spending Guide quantifies the global revenue opportunity for both core and next-generation security purchases, with detailed forecast data for security spending by 28 industries across 48 countries.
This version (V1 2024) of the Spending Guide incorporates updated estimates for the impact of current global and local trends. IDC’s Worldwide Security Spending Guide examines the security opportunity from a technology, industry, company size, and geography perspective.
Among the sectors surveyed in the report include Consumer, financial services, healthcare, telecommunications, energy, high tech and electronics, durable goods, nondurable goods, resources, retail, software and information services, transportation and leisure, business and personal services, education, and government.
Read also: 2024 outlook: Corruption and cybercrime emerge as biggest threats facing Kenyan firms
Kenya’s increased cyber security threat
The report comes at a time that it has emerged that about 50 per cent of critical information systems are vulnerable to cyber security threats such as hacking and data breaches.
Emmanuel Kata Kimeu, secretary of information and communications technology (ICT) security and audit control at the Ministry of Information, Communications and the Digital Economy, told journalists in the Kenyan capital Nairobi that the financial sector faces most threats of cybersecurity intrusion, attacks, hacking and destabilization due to the rapid uptake of mobile banking.
“Information systems used for telemedicine, e-learning and transport navigation are also in the high-risk zone for cyber threats,” Kimeu said during the launch of the National Cyber Risk Assessment report, which was prepared by the Communications Authority of Kenya and National Computer and Cybercrimes Coordination Committee, and identified a national risk assessment framework of assets and resources in critical sectors that could be vulnerable to cybercriminals.
Kimeu said Kenya is prioritizing cyber risk mitigation through a risk treatment plan that includes hiring more cyber professionals to secure critical information systems. He said the country’s cyber governance regime is at its formative stages across most sectors and needs to be strengthened through enhanced investments.
Jackson Makewa, director of ICT and cybersecurity at the Ministry of Information, Communications and the Digital Economy, said malware and ransom are the most critical cyber threat vectors. Makewa added that Kenya is implementing interventions such as information sharing, cyber threat intelligence, and vulnerability disclosure to counter cybersecurity threats.