To help minimize the growing inflation concerns that have cut across industry lines in recent years, the Federal Reserve (Fed) has steadily raised interest rates. Economic experts predict that the Fed’s efforts will eventually pay off in 2023, with inflation concerns easing throughout the year. Still, some experts have predicted that rising interest rates will ultimately cause a recession—a protracted and pervasive reduction in economic activity—in the near future.
During a recession, businesses typically experience reduced sales and profit margins stemming from changing consumer behaviors, causing them to cut spending to avoid problems such as bankruptcies. A low economy can also create increased cyber security risks. After all, cybercriminals have historically taken advantage of social and economic crises by leveraging public uncertainty to launch additional attacks, as evidenced by rising healthcare fraud and related cyber losses during the COVID-19 pandemic.
As such, it is critical for businesses to understand the cyber exposures that can result from a recession and adapt their operations accordingly. This article outlines cybersecurity issues that businesses should be aware of in a down economy and provides risk management strategies to mitigate such issues.
Cyber risks in a down economy
An economic downturn can present a variety of cyber risks to businesses of all sizes and sectors, including:
- Limited IT expenses— In preparation for a recession, businesses may implement strategies to reduce their spending and reduce some operating costs. This can mean reducing IT costs and in turn reducing available cybersecurity resources. While it’s common to make difficult financial adjustments during a recession, curbing IT spending can prevent businesses from purchasing new technology, implementing critical software updates, and investing in advanced security solutions to deal with the latest cyber threats. Consequently, companies’ digital defenses are likely to deteriorate, making them increasingly vulnerable to cyber incidents and associated losses.
- Increased skills shortage– The lack of labor has affected the vast majority of companies in recent years. Such deficiencies have contributed to widening the cybersecurity skills gap in many workplaces. In the face of an economic downturn, companies may implement hiring freezes or lay off staff, which could theoretically help narrow these skills gaps by allowing the talent pool to catch up with labor demand. But shrinking workforces combined with rapidly evolving digital threats are likely to only exacerbate the demand for cybersecurity talent and increase skills gaps. Furthermore, companies that limit or reduce their cyber training programs as a cost-cutting measure may encounter even greater skills gaps among their existing employees. As cybercriminals become aware of corporate personnel changes, they can exploit these skill gaps by using additional attacks.
- Increased insider threats—Poor economic conditions affect both companies and individuals. This means that a recession can put some individuals in troubling financial situations, potentially forcing them to engage in activities that they would not otherwise contribute to increasing their income. A recent study conducted by security firm Palo Alto Networks confirmed that financial hardship can potentially attract a significant portion of individuals to commit cybercrimes against their employers, fueling insider threats within businesses. These crimes can involve sharing confidential company data, distributing credentials in the workplace, or providing digital access to critical business assets in exchange for payment – all of which can result in costly cyber losses for affected employers.
- Composite cybercrime—Aside from increasing insider threats, a declining economy can also exacerbate existing concerns about cybercrime from external attackers. According to FBI data, cybercrime increased by 22.3% during the last major economic downturn in the United States – known as the Great Recession – which took place between 2007 and 2009. It is certainly possible that history could repeat itself in the midst of a future recession, with an already growing cyber incident. frequency and severity to new peaks.
- Increased nation state exposures—When a country enters a recession, other nations may seek to exploit its economic weaknesses and further destabilize its operational framework by launching cyberwarfare and other digital attacks against its citizens and businesses. As a result, several US industries may be more susceptible to nation-state cyberattacks during an economic downturn. Specifically, private sector firms could be targeted because of their integral commitment to promoting adequate capital flow. similarly, those in the public sector could be attacked for their contribution to vital infrastructure. Given that cyber warfare incidents are currently on the rise due to the ongoing conflict between Russia and Ukraine, growing exposures to nation states may be of particular concern to many businesses.
- Reduced ability to innovate—As part of their cost-cutting measures, companies may reduce or completely eliminate funding to develop and adopt new cybersecurity solutions amid an economic downturn. But cybercriminals’ attack methods will continue to evolve, enabling them to exploit gaps in companies’ prevention and response capabilities and compound losses.
Cyber risk management considerations
To combat cyber risk in a down economy, companies can consider these best practices:
- Have a plan. Cyber incident response plans can help companies establish protocols to reduce losses and act quickly in the midst of cyber incidents. Successful plans should outline potential cyber attack scenarios, methods for maintaining key functions under those scenarios, and the people responsible for such functions. These plans should also provide procedures for notifying relevant parties of cyber incidents. Companies should routinely review their plans to ensure effectiveness and make adjustments as needed.
- Conduct training. Employees are often the first line of defense against cyber attacks. That’s why it’s important for companies to make cybersecurity training a priority. Employees should receive the following guidance during such training:
- Avoid opening or replying to emails from unknown people or organizations. If an email claims to be from a trusted source, verify their identity by double-checking the address.
- Never click on suspicious links or pop-ups, whether in an email or on a website. Do not download attachments or programs from unknown sources or locations.
- Use unique, complex passwords for all workplace accounts. Never share login credentials or other sensitive information online.
- Buy cyber coverage. Especially during an economic downturn, it is imperative for businesses to have adequate insurance. Businesses should consider purchasing dedicated cyber coverage to ensure financial protection against cyber losses.
We can help
Overall, it is clear that businesses will face heightened cyber exposure in a down economy. By better understanding these risks and taking steps to mitigate them, companies can reduce related losses. If you would like additional information and resources, we are here to help you analyze your needs and make the right coverage decisions to protect your business from unnecessary risk. You can download a free copy of our eBook, or if you’re ready make Cyber Liability Insurance part of your insurance portfolio, request a quote or download and get started with our Cyber & Data Breach Insurance Application then we’ll get started for you.