Forrester warns Middle East conflict will squeeze IT budgets

Forrester has published a report on how conflict in the Middle East is affecting technology budgets and security planning, warning that geopolitical instability is bringing tighter scrutiny of spending.

The research links the conflict involving the US, Israel and Iran to supply chain disruption, higher energy costs and greater cyber risk. Those pressures, it argues, will force difficult decisions on infrastructure upgrades, cloud spending, AI investment and workforce planning.

Technology teams should expect infrastructure refresh costs to rise by 10% to 20% as general-purpose memory becomes scarcer, according to the report. It also warns that lead times for servers and networking equipment could lengthen as disruption affects a route through which about 20% of the world's oil and one-third of global helium normally passes.

Budget pressure

One of the central findings is that companies will need to examine IT spending more closely. With organisations allocating an average of 17% of IT budgets to the public cloud, leaders are being urged to tighten oversight of cloud and AI spending and apply broader FinOps disciplines to control costs.

The report also urges executives to address application sprawl and long-running technology debt. That means backing only upgrades and features with clear business value, while delaying or cancelling lower-priority work.

Stephanie Balaouras, Vice President Group Director at Forrester, said the pressures created by the conflict require direct intervention from senior technology leaders.

"Geopolitical volatility is not something technology leaders can wait out. It demands sharper trade-offs, faster decisions, and more visible leadership - across budgets, platforms, risk, and people," Balaouras said.

AI choices

The current environment is also reshaping the debate over AI spending. Rising energy prices, inflation and slower growth are combining with doubts over large technology outlays, making it harder for executives to justify broad AI programmes without a clear return.

"Geopolitical conflict is amplifying existing pressures as rising energy costs, persistent inflation, and slowing growth collide with skepticism about technology spending, particularly large AI investments. This is forcing hard choices about which platforms and AI investments truly matter.

"As tech leaders look to defend their AI investments, they'll need to move beyond experimentation and small-scale productivity gains to enterprise-wide strategies that deliver measurable outcomes. That means prioritizing high-value use cases, scaling agentic AI for future use cases, and embedding responsible AI governance," Balaouras said.

The analysis suggests firms will face growing pressure to show that AI projects address customer needs, not just internal efficiency targets. Organisations should prioritise AI initiatives that solve identifiable customer problems and deliver measurable business results, the report says.

Cyber risks

Security concerns form another major part of the analysis. State-aligned hacker groups are stepping up attacks on critical infrastructure and enterprise software, and the report calls on chief information security officers to activate resilience committees and run tabletop exercises.

It cites the recent attack on medical technology company Stryker by an Iranian hacker group as an example of cyber activity rising alongside armed conflict. While banking, defence, manufacturing, government and critical infrastructure appear especially exposed, the risk extends more broadly across industries.

"Cyber activity is rising alongside kinetic conflict, as evidenced by the recent attack on the Fortune 500 medical technology firm Stryker by an Iranian hacker group. While banking, defense, manufacturing, government, and critical infrastructure are obvious targets, CISOs of all industries shouldn't rule themselves out as the conflict spreads.

"Heightened geopolitical volatility also draws attention to the risks of dependencies on foreign power sources, vendors, and service providers. Rather than attempt full sovereignty across the entire IT stack, most private sector organizations should pursue minimum viable sovereignty - focusing on essential protections for specific workloads while avoiding unnecessary complexity," Balaouras said.

Energy and staff

The report also highlights operational risks tied to energy supply. Data centres rely heavily on grid electricity and diesel backup systems, and outages can require about 7,000 gallons of diesel per megawatt each day. Forrester argues that energy constraints should now be treated as a structural risk rather than a temporary disruption.

Alongside infrastructure and security concerns, the human impact of sustained geopolitical disruption is becoming more important. Workforce continuity, employee fatigue and retraining are all presented as management issues needing immediate attention.

"Geopolitical crises don't just disrupt systems - they strain the people required to keep those systems running. Workforce continuity can no longer be improvised as safety risks and regional instability force rapid shifts in where work happens and who can do it, often while infrastructure and cloud capacity are also under pressure. Be mindful of the emotional toll that employees may be bearing - and treat burnout as a business risk, particularly as it compounds execution risk just as leaders are making higher-stakes trade-offs.

"Stay the course on upskilling employees for AI, given that the transformation of business and work through AI and agentic workflows won't slow - but clearly frame it as augmentation and value creation rather than implicit workforce reduction," Balaouras said.