Aussie businesses ramp up security spending

The rise of artificial intelligence (AI), coupled with persistent cyber security threats, is driving a surge in security spending across Australia, according to a forecast from Gartner.

In its latest research, the research firm noted that Australian organisations are expected to spend almost A$6.2bn on information security and risk management in 2025, a 14.4% increase from 2024.

“Generative AI [GenAI], and AI more broadly, will continue to impact the strategic objectives of Australian security and risk management leaders this year as they navigate its impact on cyber security,” said Richard Addiscott, vice-president analyst at Gartner.

“Coupled with the enduring challenges of an ever-evolving threat landscape, widening talent gaps and increasing regulatory oversight, their efforts are predominantly focused on enabling transformation and embedding resilience this year,” he added.

This surge in investment is underscored by findings from Gartner’s annual global survey of over 3,186 CIOs and technology executives, including 109 from Australia and New Zealand (ANZ). The survey revealed that 88% of ANZ respondents ranked cyber security as their top technology investment priority for the second year running.

Spending on security services, which include consulting, professional services and managed security, is expected to reach almost A$2.9bn in 2025, up 16.1% from 2024. This reflects the important role security specialists play in guiding Australian businesses through emerging cyber threats, especially in the face of a persistent skills shortage.

The increasing adoption of AI and GenAI in Australia is also fuelling investments in security software, particularly in areas such as application security, data security and privacy, and infrastructure protection.

“More than two years after the release of ChatGPT, the impact of GenAI and broader AI capabilities for Australian security leaders is real,” said Addiscott. “As these capabilities compel organisations to transform their digital ambitions, it requires security leaders to adapt their cyber security roadmaps, focus on securing their organisations’ AI adoption and experiment with AI in cyber security.”

While early adopters of AI in security have experienced mixed results, Gartner observed a shift towards more measured and incremental AI implementations. The analyst firm predicted that by 2027, 90% of successful AI deployments in cyber security will focus on tactical tasks like automation and process enhancement, rather than replacing human roles entirely.

Gartner urged security leaders to brace for the rapid and continuous evolution of GenAI, anticipating new challenges stemming from emerging AI applications, such as AI agents, a surge in cyber security solutions, and attackers exploiting GenAI for malicious purposes.

For example, AI-enhanced malware is becoming more sophisticated, making it increasingly difficult to detect and stop. Malware that’s been optimised by AI has the potential to be even more evasive and effective, according to Reuben Koh, director of security strategy for Asia-Pacific and Japan at Akamai Technologies.

There’s also AI-powered social engineering, where AI tools are used to develop highly realistic phishing messages and even deepfake videos and voices, making scams more convincing and dangerous. 

Finally, AI can automate large parts of the attack chain, reducing the time required to find and exploit security gaps, which can lead to a much more efficient way to conduct cyber attacks. This also means that defenders will now have even less time to investigate and respond to security incidents.

“The adoption of AI can and will inevitably lead to additional security risks. At the same time, the volume of AI-driven attacks is increasing as the technology matures and becomes more mainstream. As AI becomes more and more ubiquitous, understanding how to defend against AI threats and securing AI systems must now become a top priority for organisations,” said Koh.