When tough financial times strike and budgets get cut, cybersecurity programs often end up on the chopping block. While this may feel like a short-term win, it ultimately puts organizations in a more precarious position going forward; and it may be counterproductive. Not only are there a myriad of ways that companies can strategically position their security investments to maximize their effectiveness, but security overall presents a cost-savings opportunity many companies overlook.
Hard Times Mean More Crime
CXO Today notes recessions have a negative effect on the overall cybersecurity climate, stating that “Organizations have increased risks of cyberattacks by malicious insiders and disgruntled ex-employees during an economic crisis.” The FBI recorded a double-digit increase (22.3%) in reported online criminal activities during the recession-hit economy of 2008-2009, and similar economic factors could prompt such increases again.
Here are a few reasons why online crime goes up when the economy goes down:
- Experts with technical and programming skills are more persuadable to allow themselves to be recruited by cybergangs and hacking organizations in exchange for more money.
- Public concern, fuelled by economic uncertainty, can prove fertile ground for phishing and other social media attempts that play on immediacy and fear.
- Hiring freezes for cybersecurity analysts leave security operations centers (SOCs) stagnant, exacerbating their challenge to cope with an increase in load than before. Consequently, more exploits get through.
While budgets are understandably thinner during such economic downturns, making cybersecurity budget cuts at a time when cybercrime is at its peak would have a compounded negative effect. If anything, increasing security spending to bolster against such eventualities makes more sense.
Think Budgets are Tight? Try Affording a Cyberattack
To offset losses incurred by a slumping economy, cybersecurity programs seem like big, tempting targets to balance the budget. However, by doing so, organizations may trade a small problem for an even bigger one. According to IBM, the average cost of a data breach in 2023 was $4.45 million USD. And that’s just the monetary cost. Total fallout from a cyberattack extends to:
- Reputational damage
- Loss of consumer trust
- Decreased sales
- Legal fines
- Compliance ramifications
Tellingly, the findings also indicated that following a data breach, most victim companies (51%) opted to increase security investments. As Josh Davies, Principal Technical Marketing Manager at Fortra’s Alert Logic, noted, “We see companies cut their security investments, but then immediately turn and say ‘Oh, we should be investing in security very quickly again’ because the minute it’s cut, that’s when their risk increases fairly significantly.” Organizations may save the cost of a few employees or a handful of solutions, but when compared with the potential expense of a critical attack, the savings are not worth the risk – monetarily or in any other way.
4 Ways Strong Cybersecurity Can Actually Save You Money
Organizations may not realize that a strong, well-provisioned cyber defense can be their best financial move in times of economic crisis. Cybersecurity is a strategic investment, and it shows its value in the following ways:
1. Protecting intellectual property (IP). According to The Commission on the Theft of American Intellectual Property, intellectual property theft costs the U.S. between $225-600 billion per year. For companies charged with protecting it, it’s a double loss as not only the IP value is lost, but so is the reputation of the company legally bound to secure it.
2. Securing customer data. When customer data is lost, lawsuits and compliance fines can follow. These are obvious scenarios for any money-conscious organization to avoid, especially in a climate of financial hardship. A relatively small investment in securing Personally Identifiable Information (PII) can pay big dividends in securing your customers’ confidence and therefore your company’s future.
3. Safeguarding customer trust and loyalty. A report by Cyberint notes that six out of every 10 customers would stop shopping with a retailer if that retailer had suffered a data breach. Especially in times of fiscal uncertainty, companies need to play the long game and survive to thrive another day. Jeopardizing years of hard-won credibility and customer loyalty on a few temporary cybersecurity budget cuts – especially in areas critical to the company’s success – not only risks higher costs in the immediate future but threatens to undermine your customer base.
4. Demonstrating commitment to security for stakeholders. Organizations that make it through recessions are ones that play the long game. Slashing security investments and creating more fear, risk, and insecurity at a time when the economic environment is itself unstable is not the way to instill confidence in stakeholders nor secure future funding from investors. A sudden plummet in stock price is the last thing any struggling company needs.
Defend Your Assets and Your Bottom Line
With a bit of creativity and expert advice, companies can continue to achieve their security outcomes and still stay in the black. Efficient budget allocation can mitigate cybersecurity risks by putting your resources right where they are needed the most. Here are some cost-effective ways to avoid cybersecurity budget cuts and do a lot with a little.
Opt for proactive (vs. reactive) security measures
In a time of high online crime and economic unrest, defending against cyber threats should be a top priority for companies looking to survive the storm. That means sometimes taking the fight to them – or at least, to their tactics. Proactive (also known as offensive) security measures like pen testing, red teaming, and even regular vulnerability assessments can help you spot signs of weakness in your environment before threat actors do.
Optimize existing resources
For organizations looking to make investment count, interoperability is a huge determining factor when it comes to tools you can use today when times are tight, and in the future when the budget opens up.
Automate security
Security automation is another great way to make resources spread and do more with less. Leaner teams can keep up with force-multiplying tools like XDR and other automated options.
Save with a managed security solution
One of the best ways to maximize your existing security investments, stretch a thinning team, and optimize a fixed or shrinking budget is to rely on managed security solutions.
Even the most advanced tooling requires those with special expertise to get the most out of it. Without the proper human resources, companies who seek to save by buying “only the tools” may find themselves upside down on their purchase as qualified professionals are the other half of the value-add.
Fortra’s Alert Logic managed security services put companies in contact with cutting-edge cybersecurity technology and experts who know how to use it, giving organizations affordable access to the best tools and expertise right when they’re needed the most without any cybersecurity budget cuts.
Cybersecurity Outcomes are Business Outcomes
Cybersecurity outcomes are intrinsically tied to business outcomes because security is an enabler for an organization, not a hindrance or a roadblock. Think of cybersecurity like insurance: In scenarios of high risk, premiums go up (not down) because there is a higher likelihood of using that policy. The same can be said of your security strategy. When economic storms are blowing, it’s the wrong time to save money by selling your umbrella.
Learn about Alert Logic’s scalable pricing for managed security services