EDGE 2024: Security to top Aussie customer IT spending charts in 2025

Security is anticipated to be the number one IT spending area for customers next year, providing a lot of partners with a big opportunity.

Speaking at EDGE 2024, Mark Iles, executive consultant and industry analyst of Tech Research Asia, claimed that security is to top the charts for customers’ IT spending for 2025 in Australia.

This is expected to outpace software-as-a-service (SaaS) and application services and customer experience, which ranked second and third, respectively. Following this was cloud migration in fourth, digital transformation in fifth, data and analytics in sixth, AI and machine learning (ML) in seventh and automation in eighth.

Iles said security returns to its top spot from 2022 after dipping to third in 2024. The 2022 result in particular had security in first place for customer spending by a wide margin. The 2024 and 2025 results, meanwhile, narrowed the gap between security and other market segments.

In fact, 57 per cent of this year’s survey’s respondents claimed they were increasing their cyber budgets in FY25. However, only 23 per cent have implanted the federal government’s Australian Signals Directorate’s Essential Eight mitigation strategies – a guideline to protect internet-connected systems – and just 22 per cent had managed security services.

“As an MSP [managed service provider] community, there’s still a massive opportunity here for us around manage services,” Iles said.

In particular, he continued, is the opportunity to service small- to medium-sized businesses (SMB) as while the “high end of town” has a lot of money to spend on high end systems and CISOs, the same cannot be said for smaller organisations.

“We’ve still got an awful lot of people thinking they can do it themselves,” Iles added.

There are six security priorities in particular that customers are “struggling with”, according to Iles, providing partners with an opportunity to come in to assist. These are: cyber understanding, risk and governance, network security, training and education, compliance and aligning to frameworks.

“We do tend to lean into this very product-led solution. ‘Oh, what we need is an endpoint, you need EDR/XDR/MDR/FDR/ZDR; something with an R at the end of it,’” he said. “I feel the language that we’re talking about services is not we’re going to actually align that to strategy; really talk to your board rooms about governance rules about training and education.”

While AI and ML came in seventh, Iles added that this didn’t mean it was a spending trend to sleep on.

“If [you want to know where] the money is going to be in the future, follow the ones that are trending from the bottom and it’s the first time we’ve started to see data analytics, AI and ML popping up the charts,” he said.

However, while AI is a trend to follow, it doesn’t need to be followed blindly, as there are still security requirements to consider.

This was also highlighted at EDGE 2024 by Nisha Clark, CIO at Australasian dental support organisation Abano Healthcare. Speaking at a panel about what customers want from partners, Clark said she has had to reject AI technology that would have been a value-add had it applied to sovereignty requirements.

“We’ve actually had to turn away AI technology that was going to add value to our dentists and practitioners because they don’t have the entry level commitments of what a good security posture looks like,” she said.

According to Clark, the solution involved patient data for Australians, but necessitated a dataset to be based outside of Australia, which could have been accessed by individuals from other countries. As such, it didn’t adhere to the organisation’s security footprint.

Security’s popularity for customers comes after significant security issues that took place in Australia over the last six months, which includes the rise of multi-party breaches  and the local impact of the global July CrowdStrike outage.