The financial outlook for the rest of 2023 and 2024 is far from cheery, and economic uncertainty is affecting everyone and everything, including the cybersecurity sector.
Security budget cuts or freezes are the course many organizations are tempted to take in this financially precarious situation. Conservative spending is a natural response to the present economic downturn and a possible recession knocking on our doors, implying fewer clients, lower profits, and higher costs.
Should organizations like yours reduce or freeze cybersecurity spending? What can a chief information security officer (CISO) do to meet stakeholders’ expectations while keeping sight of the security team’s interests and protecting the organization?
How can cybersecurity budget cuts and freezes affect your organization?
There are good reasons to believe that security budget cuts, especially if they include layoffs, are not the most prudent way to fend off economic headwinds.
A strong correlation between an economic crisis and a substantial increase in cybercrime
As George Gerchow, Sumo Logic’s Chief Security Officer, noted during a recent HackerOne event, “Whenever there are times of high anxiety, such as an economic downturn coming off of a pandemic, bad actors are at their best.” The FBI’s annual Internet Crime Reports confirm this.
The reports from 2008 and 2009 — remember, this is the period of “the worst economic disaster since the Stock Market Crash of 1929” — show drastic increases in the complaints received compared to the years before and after the global financial crisis.
The number of complaints in 2007 was 206,884. In 2008, it grew to 275,284 — a staggering 33.1% increase compared to the previous year. In 2009, the FBI’s Internet Crime Complaint Center recorded 336,655 complaints — 22.3% more than in 2008.
For comparison, and to show how fertile a prolonged economic downturn can be for cyber attacks, the number of complaints submitted in 2010 (right after the end of the crisis) did not increase; it dropped to 303,809.