Kzenon - stock.adobe.com

EMEA security spend will have another boom year in 2024

Cyber security services and technology will once again be the focus of major investment across EMEA during 2024, according to the latest Technology Spending Intentions study from TechTarget and ESG

Security services and technology have again maintained the number one priority for IT spending across the EMEA region, according to this year’s Technology spending intentions research from TechTarget and ESG, to the extent that it’s also leading investment in areas beyond merely cyber, including networking, infrastructure, applications (DevSecOps) and generative artificial intelligence (GenAI).

With 48% of organisations in EMEA planning to increase their IT spend this year – 22% of those by a factor of over 10% – and buyers on the whole optimistic about their technology budgets for 2024, security was the runaway beneficiary of this trend, with 63% of organisations planning their spend in this area this year, compared with 4% that said they planned to decease cyber outlay. A total of 49% said security had become “significantly” more important to their organisation’s future over the past two years.

EMEA respondents also tended to cite improving cyber security resilience as the main justification for all IT spend when making their case to those holding the purse strings, 41%, according to the data.

A plethora of new legal and regulatory introductions, including various European Union (EU) initiatives such as the Digital Services Act, the Data Act, European Health Data Space, the Data Governance Act and the AI Act – all aimed at forcing more transparency, responsible data use and improved cyber security – will clearly influence this upward trend.

Meanwhile, the new Cybersecurity Certification Scheme may help raise security standards, and hence budget, across other areas, notably cloud and 5G networking.

“More than half of organisations believe their security operations environment has become more difficult to manage over the last two years,” said ESG principal analyst Dave Gruber. “Increasing difficulty is due to the growing attack surface, dangerous threat landscape and increasing use of cloud computing.

“Security operations have also been impacted by the global cyber security skills shortage, most commonly in the form of an increasing workload on existing staff as well as staff attrition and burnout.”

Planned investments

On a global basis, the top three areas of spending were vulnerability management, penetration testing and data loss prevention (DLP). These were followed by multi-factor authentication (MFA), zero-trust network access (ZTNA), email security, data privacy and governance, and single-sign-on (SSO). Rounding out the top 10 areas of planned spending were security information and event management (SIEM), and firewalls.

Taking into consideration the size of responding organisations, large enterprises said they would look to ZTNA, DLP and vulnerability management as their top priorities, while mid-market organisations plan to prioritise vulnerability management, penetration testing and MFA in 2024.

In EMEA, buyers are turning in particular to ZTNA as an element of cloud security, signifying a shift towards more stringent identity verification and access control in cloud environments, which is a core tenet of zero-trust cyber security models. A total of 33% of EMEA respondents said they planned to spend on ZTNA in this context.

Close behind, with 30% planning spending in this area, were cloud data security and DLP projects. In third place was cloud visibility and monitoring services, followed by secure access service edge (SASE) and secure web gateways. SASE stood out as likely to experience considerable growth this year compared with 2023, as did spending on security service edge (SSE) offerings and cloud access security brokers. Taken together, these trends appear to demonstrate growing awareness of the need to protect sensitive data in clouds.

Meanwhile, 43% of EMEA respondents planned investment in penetration testing and 42% in vulnerability management as an element of wider application security spending. A total of 28% signalled plans to spend on application programming interface (API) security, 27% on domain name system security, distributed denial-of-service defence and bot mitigation, 22% on ethical hacking, and 21% on DevSecOps.

Looking through the data, this appears to indicate a definite trend of security creeping down into the application development lifecycle – a positive development – and becoming more interwoven into the developers’ toolbox. Protecting APIs and securing applications in cloud environments also look to be ideas that are now gaining traction across the region.

SecOps and other topics

Elsewhere in the cyber domain, EMEA respondents said they planned to spend on SIEM, threat intel, endpoint protection and extended detection and response (XDR) to soup up their security operations (SecOps) practice.

SIEM notably remains a “dominant pillar”, said ESG, thanks to AI-driven investments and the need to protect clouds, while XDR is gaining traction driven by the organisational need to go threat hunting proactively, and a growing desire to draw on expert resources and establish a holistic view of the threat landscape. On this basis, there also appears to be a growing convergence between XDR and managed detection and response (MDR).

From a network security standpoint, EMEA buyers are opening their wallets to spend on ZTNA projects, firewalls, SIEM, virtual private networks (VPNs) and intrusion detection systems (IDS).

Investment in ZTNA has in fact grown threefold in the past 12 months in the ESG data, and this is likely fuelled by an increasing number of early adopters realising significant return on their investments. Investment around SASE, described as “aggressive” in the report, further showcases the need for differentiated go-to-market strategies – suppliers will need to target those pursuing both holistic and piecemeal approaches.

Read more from the Technology Spending Intentions study

On privacy and data protection, the most prominent areas of investment this year will be around email security, data privacy and governance, DLP, compliance and risk assessment, and data encryption and cryptography.

The high investment intent in DLP, email security, and privacy and governance would seem to indicate that protecting sensitive information is a massive priority as organisations continue to face increasing data breaches and more stringent compliance requirements.

Lower down the charts in this area, but still the subject of spending by some, are services incorporating generative artificial intelligence and quantum protection, suggesting some buyers have a keen eye on getting a head start on future challenges.

Finally, spending on identity categories this year will centre SSO, MFA, zero-trust identity access, privileged identity, account management and passwordless authentication.

These priorities demonstrate a strong focus on privileged identity, said ESG, with buyers increasingly cognisant of identity being one of the main, if not the main, perimeter in an increasingly perimeterless environment. High demand for passwordless authentication also suggests security buyers are increasingly keen to give users a more seamless sign-on experience.

Read more on Cloud security