Two-thirds of the chief economists in a survey by the World Economic Forum anticipate that a global recession is inevitable in 2023. 18% of these economists predict that the possibility of a recession is extremely likely.
The experiences from the global recession of 2008 indicate that an economic downturn will affect cybersecurity significantly. As a result, we are seeing a lot more discussion surrounding recession and cybersecurity. After all, CISOs need to work with fewer resources and fewer team members to manage the security of the organization at a time when the cyber risks are high.
Want to know more about the various aspects of recession and cybersecurity on organizations and the changes a recession brings to the cybersecurity landscape in 2023? Keep reading to find out.
Recession and Cybersecurity: The Key Trends and Changes to Expect
There Will Be an Increase in Cybercrime
Cybercrime almost instantly shoots up, whether it is a recession, a global pandemic, or force majeure events like a war or a natural disaster. Cybercriminals always view the crisis as an opportunity. And they have no qualms about exploiting crises to their advantage.
For instance, the FBI observed a 22.3% increase in reported criminal activity online between 2008 and 2009 when a recession hit the world. There were over 330,000 complaints about fraud made in 2009 alone. The dollar losses from fraud almost doubled between 2008 and 2009.
In 2023 with the onset of the recession, we are likely to see an increase in criminal activities. Why so?
Layoffs and salary cuts are inevitable during an economic downturn. This creates a whole set of disgruntled employees and partners, creating more exposure. They may engage in malicious activities using their access to company data or knowledge of privileged information.
They may also accept bribes from threat actors to sell login credentials, introduce malware into company systems, give access to company resources/ networks, etc. So, organizations have increased risks of cyberattacks by malicious insiders and disgruntled ex-employees during an economic crisis.
Layoffs, unemployment, and bad economies lead people with technological and programming skills to offer their services for hacking and other criminal activities for a few extra dollars.
Crises like a recession, a global pandemic, or a war offer fertile ground for running successful phishing campaigns and social engineering attacks. Concerned about their financial futures due to the recession, people tend to fall prey to phishing campaigns. People take bait more easily and click on enticing emails and links about financial planning, cost-of-living support packages, hiring calls, and other money-related stories. In the process, they may download malware, share credentials, transfer money, etc.
Most organizations would stop hiring new cybersecurity talent or lay off existing security staff. So, attackers will take advantage of the understaffed security teams and overworked defenses to look for and exploit vulnerabilities.
There Will Be Changes in the Cyberthreat Landscape
The current cyber threat landscape is already increasingly sophisticated and complex. Modern threats are sneakier and capable of evading traditional security solutions effortlessly. And attackers continue to adopt the latest technologies extensively to ensure higher success rates, even as most organizations struggle to incorporate the right technologies to protect themselves.
Ransomware, phishing, API attacks, and software supply chain attacks will be the top threats in 2023. However, the nature of these threats will evolve during the global recession. Ransomware attacks will target companies performing well during the recession rather than companies in the red.
As layoffs, salary cuts, and unemployment rates rise, there will be a much higher number of insider threats. Cybercriminals, activists, and even state-sponsored threat actors will look to bribe disgruntled employees and get them to do their bidding.
Geopolitical factors will also drive changes in the current cyber threat landscape. Enemy states tend to spread misinformation to sow discontent and benefit from turmoil in their adversaries’ markets. States with fiscal challenges and financial uncertainties will also try to benefit from stolen intellectual property and R&D information.
In the changing threat landscape, organizations must evaluate how macroeconomic and geopolitical factors affect them and redesign their cybersecurity strategies accordingly.
CISOs Will Focus on Value Maximization
A recession will bring budget cuts in all likelihood to cybersecurity. Even when regulatory frameworks mandate a certain minimum investment in cybersecurity, CISOs will not get extra funds or extra staff members to handle the incoming threats. Further, they will be under pressure to improve the cost-efficiency of the tech stack.
One key recession and cybersecurity trend will be that CISOs will trim the fluff and seek to eliminate expensive security tools. They will have to look to maximize value from their existing technologies and cybersecurity solutions. They may also consider adopting more comprehensive security solutions, exploring the discounts and savings of consolidating more tools from a single vendor.
The Talent Shortage Will Worsen
The probability of hiring freezes and layoffs is high during a recession. CISOs will be forced to get more done with the same or smaller security team. Small, overworked security teams bring several risks to the organization:
- Higher likelihood of smaller teams making errors in procedures and processes, introducing new vulnerabilities in the system.
- Crucial pen-tests may go unscheduled.
- Vulnerabilities may go unnoticed.
- Important security decisions may be forgotten/ deferred.
- Patch management schedule may go haywire.
AI, ML, Automation & Deep Learning in Cybersecurity Will Be More Critical Than Ever
In the wake of budget cuts, the downsizing of cybersecurity teams, and the changing cyber threat landscape, the criticality of AI, ML, automation, and deep learning increases manifold for organizations. We believe more organizations will realize the immense value these technologies drive and adopt them to strengthen their security posture.
These technologies augment human capabilities and expertise and have a massive impact on cybersecurity in cash-strapped organizations. Through the automation of manual and repetitive security processes such as scanning, organizations can free up the bandwidth of their security teams. So, security teams can now prioritize more strategic, high-value tasks that require their expertise, such as threat hunting and testing.
Organizations can remove the guesswork in cybersecurity by adopting AI, ML, deep learning, and self-learning systems. They can find anomalous behaviors, vulnerabilities, and threats more effectively, taking preventive and corrective action faster. These technologies will enable organizations to move from reactive cybersecurity to preventative cybersecurity.
Recession in Cybersecurity Companies
Another aspect of recession and cybersecurity is that cybersecurity as an industry is quite resilient during recessions and other major macroeconomic events. In fact, during the 2008 recession, the revenues, EBITA, TSR change, and other key metrics of cybersecurity companies improved.
However, the individual impact of the recession on cybersecurity companies differs. For instance, there is often a shift from proactive security technologies to incident response solutions or even essentials by customers. There is uncertainty on whether customers will return to old buying habits and purchase proactive security solutions.
Amid these uncertainties during the recession in cybersecurity companies, which ones are most likely to thrive? Well… companies that re-evaluate their cyber security strategies and address core customer challenges during economic downturns will thrive.
Conclusion
These are the key changes and trends to expect with respect to recession and cybersecurity. To effectively face the cybersecurity challenges that economic downturns bring, your organization must focus on building cyber resilience.
Leverage comprehensive, fully managed, intuitive security solutions like AppTrana to move from reactive to proactive and effective cybersecurity.
