Cybersecurity spending set to jump 12.2% in 2025

Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the latest forecast from the IDC Worldwide Security Spending Guide. The rise in cyber threats is pushing organizations to invest more in their defenses. AI tools are making these threats more sophisticated, which is adding to the urgency. IDC says this steady climb in spending will continue through 2028, hitting $377 billion by then.

The U.S. and Western Europe will still make up more than 70% of global security spending in 2025. But other regions are catching up. Latin America, Central and Eastern Europe, and the Middle East and Africa are expected to see the fastest growth this year.

“Growing digital transformation and hiking emerging technology adoption across the Middle East & Africa (MEA) region — especially countries in the Gulf Cooperation Council (GCC) — have pushed the demand significantly for security solutions to face the evolving threat landscapes. MEA is witnessing substantial investments from both government and enterprises to fight rising cyber threats, with strong awareness for the importance of cybersecurity education and training programs to fortify organizations against possible attacks,” says Eman Elshewy, senior research manager with IDC Data and Analytics.

Security software will be the largest technology group in 2025, representing more than half of the worldwide security market this year, as well as the fastest growing one, with a 14.4% year-on-year growth rate. The security software market growth will be driven especially by cloud native application protection platform (CNAPP), identity and access management software, and security analytics software growth, reflecting the special focus that companies will put on integrated cyberthreats detection and response around their whole organizational perimeter.

Security services will be the second fastest-growing technology group in 2025, driven by the continuous expansion of managed security services, on which organizations of all sizes will continue to increase their focus as a flexible and efficient way to face new security challenges. Finally, security hardware will rank third, achieving single-digit but steady growth in 2025.

Banking, federal/central government, telecommunications, capital markets, and healthcare provider will be the industries spending the most at the global level on security in 2025, while the fastest-growing will be capital markets, media and entertainment, and life sciences with an expected year-on-year growth rate of 19.4%, 17.1%, and 16.9%, respectively in 2025.

While large and very large businesses account for the majority of security spending across all regions, small and medium-sized businesses will continue to increase their investments in security throughout the forecast period to address security gaps and protect their assets and processes as their digital transformation accelerates.

“It’s encouraging to see the continued growth in global cybersecurity investments (12.2% in 2025) – particularly among small and medium-sized businesses. Cyber attackers are typically opportunistic; they’re like car thieves checking door handles for an easy win. SMEs have traditionally been low-hanging fruit – with limited resources for cybersecurity training, advanced tools, or dedicated security teams. More often than not, cybersecurity is reactive, underfunded, or left to overstretched IT functions, already juggling multiple responsibilities,” Adam Casey, Director of Security at Qodea, told Help Net Security.

“This gap has only widened in recent years. SMEs have accelerated digital transformation to remain competitive, or simply to stay operational during and post the pandemic. Yet many still lack the internal expertise, to properly assess or address the security implications of this shift. Meanwhile, cyber attacks have grown more frequent, more sophisticated, and harder to defend against. So, while rising cybersecurity investment is vital, it doesn’t always translate into stronger protection. Typically, we see customers trying to solve the problem through implementing additional technology, and not considering the people or process requirements. Adopting more technology results in alert fatigue, overlapping capability, and multiple panes of glass. All resulting in increased costs, strains on resources, and difficulty in making data-based decisions,” Casey concluded.