Worldwide spending on information security is projected to reach $213 billion this year, up from $193 billion in 2024, according to Gartner.
The technology research firm said that global spending is estimated to increase 12.5 per cent in 2026 to $240 billion.
The organisation explained that security software is the fastest growing segment because more companies are continuing to move from on-premises to cloud-based systems, which brings with it new security risks.
Spending on this segment reached nearly $94.96 billion in 2024, with Gartner predicting this will hit $105.9 billion by the end of this year and around $121 billion by 2026.
Gartner said cloud security posture management and cloud access security brokers are the main drivers in this segment.
Additionally, Gartner said that rising threats and the expanding use of AI and generative AI (GenAI) by both internal users of AI and attackers will remain key growth drivers for security spending.
Spending on the security services segment is also predicted to rise from $77 billion in 2024 to $83.8 billion in 2025.
“Established security spending will continue as normal, but some organisations are being more cautious with any new security spending in this highly uncertain and challenging climate,” said Ruggero Contu, senior director analyst at Gartner. “However, higher defence budgets, rising threats, increasing regulatory pressure and better cybersecurity awareness – especially among small and medium-sized businesses – will keep cybersecurity spending strong in the medium to long term.”
The figures come after several high-profile organisations around the world have hit headlines in recent months following cyber-attacks on their systems.
Last week, Microsoft faced growing criticism after it confirmed that vulnerabilities in its SharePoint server software have been widely exploited by Chinese state-linked hackers, leading to breaches in hundreds of organisations worldwide, including key US government agencies.
The flaws, which affect only on-premises SharePoint servers and not Microsoft’s cloud-based services, were initially identified at a hacking competition in Berlin in May.
Although Microsoft released a patch earlier this month, it was later revealed that the initial fix was incomplete, allowing attackers to continue exploiting the weakness.
Earlier in July, Qantas confirmed that over a million customers had their personal data leaked in a cyber-attack last week.
After removing duplicate records, the airline’s investigation has found that there were 5.7 million unique customers’ data held in the system.
The Australian airline said that cyber criminals gained access to around four million customer records, which contained some combination of name, email address and Qantas frequent flyer details.
In April, an attack at M&S forced the group to close its online store for nearly seven weeks and led to empty shelves at shops during May as automated stock systems were shut down.
The incident has cost the company an estimated £300 million in lost profits this year.
