Can you recession-proof your cybersecurity strategy?

Egress | 29th Sep 2022

Tech companies thrived during the Covid-19 pandemic when people had no choice but to stay home and connect online. But with the looming energy crisis and recession set to stall the economy, many tech organizations are tightening their belts by making swift decisions to freeze hiring and, in some cases, even lay off employees. 

According to research by Zapier that surveyed over 500 technology founders, executives, and employees at tech companies, over half don't think they will survive a recession that lasts two years. And while tech leaders look for ways to cut costs to try and stay afloat, cybercriminals search for signs of weakness in organizations' cybersecurity strategies. 

Cybercriminals thrive during times of uncertainty

Digitization has come a long way since the last recession, which makes it difficult to fully comprehend what impact the coming recession will have on global cybersecurity. However, Covid-19 and the recent Ukraine crisis show how much cybercriminals ramp up their efforts during times of uncertainty by exploiting people's fear.

For instance, the increased layoffs that often accompany these times of uncertainty typically lead to more work spread out between fewer employees. This puts these employees under more stress, which means they're more likely to make mistakes. 

An increase in remote working has also led to many people feeling less connected to others within the organization they work in, which can make them less likely to ask for security support when they need it. In addition, some remote employees choose to work from their personal laptops, which often do not have adequate security software installed.

Cyber attacks are rising – can businesses risk spending less on cybersecurity? 

While cybersecurity isn't entirely recession-proof, it is much closer than many other industries. This is largely because cyber attacks are becoming increasingly prevalent. Our recent report, Fighting Phishing: The IT Leader's View, revealed that 84% of businesses had been hit with successful phishing attacks over the last 12 months – a 15% increase from 2021. 

Business leaders are taking notice of these rising threats. A Gartner survey published in November 2021 revealed that 88% of Boards of Directors (BoDs) view cybersecurity as a business risk. This suggests that company security budgets are more likely to be preserved than many other budgets within the tech sector. 

Paul Proctor, Gartner's Distinguished VP Analyst, said, "The influx of ransomware and supply chain attacks seen throughout 2021, many of which targeted operation- and mission-critical environments, should be a wake-up call that security is a business issue and not just another problem for IT to solve."

The cost of data breaches is also increasing rapidly. Recent research by IBM reveals that the average data breach cost increased 2.6%, from $4.24 million in 2021 to $4.35 million in 2022. This is a 12.7% increase from $3.86 million in the 2020 report. This shows a clear need for leaders to invest in the right defenses to protect their organizations. 

However, having a robust cybersecurity strategy isn’t all about having a large budget. Effective leadership, continuous training, and a security-oriented mindset are all equally important, and yet are often neglected by organizations.

Adapting your cybersecurity strategy for a recession under a tight budget

Given that the number of cyberattacks is set to rise over the next few months while budgets are expected to shrink, there are several things that you can do to adapt and strengthen your cybersecurity strategy within your organization. 

First off, you should build a positive culture around cybersecurity by carrying out regular red team exercises to highlight security vulnerabilities within your organization. You should also empower employees to take control of their own cybersecurity by providing targeted security awareness training (SAT) to educate them about information security issues. 

You can also use established open-source cybersecurity frameworks such as the NIST Cybersecurity Framework and the CIS Critical Security Controls to ensure that your organization is following the latest and best practice standards to safeguard your data. In addition, you can use architecture frameworks such as COBIT to identify areas of risk within your organization. 

Finally, you should make sure that your organization is compliant with industry and geo-specific regulations, such as the General Data Protection Regulation (GDPR), which applies to all businesses and organizations established in the EU, and the California Consumer Privacy Act (CCPA), which applies to for-profit businesses that do business in California and meet a certain list of criteria.

Following these steps will help you to boost your organization’s cybersecurity strategy without significantly eating into your budget as the threat of recession looms.