Wary of a recession? Increase your investment in cybersecurity technologies

Leading organizations in all industries have accelerated their digital transformation and change management over the past three years, and for a good reason. According to Deloitte, meaningful digital transformation initiatives can unlock up to $1.25 trillion in market capital across Fortune 500 companies, with similarly positive results demonstrated for mid-range and small enterprises.

The key word here is "meaningful." But what constitutes beneficial change management processes versus directionless spending?

Deloitte insights reveal that enterprises focused on a tech-aligned and digital-first strategy are far more likely to reap the benefits of digital transformation, as evidenced by higher valuations and capital returns relative to investment. In other words: organizations that plan and delineate digital transformation strategies are more likely to profit from said transformation. And organizations that adopt the proper tech -- at the proper time -- also prosper.

Often, "the proper time" for digital transformation is sooner than you think, especially as digital audiences become more savvy, opening the floodgates for new and evolving virtual threats. As easily accessible threat vectors like ransomware as a service (RaaS) become more common, organizational vulnerabilities become costlier. This partly explains why prominent organizations -- including the U.S. government -- are redoubling their investment in cybersecurity, even as economic outlooks stay uncertain.

Now is the time to increase your investment in cybersecurity -- not despite a possible recession, but because of it.

Cybersecurity is critical amid economic uncertainty

Cybersecurity becomes even more critical during times of crisis -- especially for business continuity. Nearly half of IT decision-makers (45 percent) identify ransomware as the most significant threat to business continuity, while 27 percent cite data breaches as the top concern, according to InterVision research. These threats become more dangerous during economically fragile times, during which bad actors become more inventive and therefore, more dangerous. Consider that cybercrime increased by 22.3 percent between 2008 and 2009 during The Great Recession.

Recent geopolitical events, including the Russian invasion of Ukraine and the rolling effects of COVID-19, have impacted our economic climate and cybersecurity landscape. Cybersecurity attacks against NATO countries have increased by 300 percent since 2020, and Google threat analysts forecast that cyberattacks against Ukraine and its NATO partners will continue alongside the conflict.

Meanwhile, organizations continue to feel the downstream effects of the pandemic. FBI cybercrime complaints jumped by 1 million between 2020 and 2021 as remote work altered how organizations stored data, inviting bad actors to exploit new vulnerabilities. And, although many organizations have returned to a hybrid or entirely in-person work environment, pandemic-era cybercrimes like phishing and low-grade extortion schemes remain incredibly popular. This trend likely explains why, according to Verizon research, ransomware attacks increased by 13 percent YoY between 2021 and 2022.

Factors contributing to our fragile economic environment have created a far less stable cyber ecosystem -- which is no coincidence. Cybercriminals are notorious for exploiting societal ills in their favor. And as a possible recession looms, enterprises have more to lose than ever.

The steep cost of digital fragility

Customer loyalty is critical in all macroeconomic conditions, but enterprises have less wiggle room during a recession or otherwise harsh economic climate. Competition is steeper, and as consumers focus on curtailing their spending, organizations must work harder to build loyalty and encourage consumer spending.

Digital trust is a crucial component of customer loyalty in the modern age. Consider that more than half of consumers (53 percent) will only purchase after verifying that the B2B or B2C seller has a reputation for protecting data, and 40 percent will not do business with organizations that demonstrably lack data protection protocols. Even more damaging, 10 percent of consumers say they’ll stop doing business with a company if they experience a data breach.

Furthermore, enterprise leaders must consider the operational expenditures associated with cybersecurity breaches. Data and ransomware breaches are incredibly costly -- and ransomware agents are certainly not concerned with how thin your budget is. In 2021, the average ransom demand was $2.2 million -- up from $900,000 in 2020. That’s in addition to remediation and operational costs. Although enterprises typically do not -- and should not -- pay a ransom, these numbers represent how lucrative the ransomware trade has become for bad actors.

Many enterprise executives and leaders view their operations as infallible. But make no mistake: your organization will be targeted. According to Statista, 70 percent of organizations were victimized by ransomware in 2022 -- the highest figure on record. Leaders must understand the severity of modern cyberattacks and take action today to prevent devastating losses.

How to invest smarter, not harder

Regardless of the severity of modern ransomware, IT leaders may find it challenging to get executive buy-in for an improved cybersecurity posture, especially in the current economic climate. And sometimes, it’s not enough for IT leaders to express the critical nature of cybersecurity spending.

Instead, IT leaders may find success in focusing on the soft benefits of cybersecurity innovation. Deloitte’s Global Technology Leadership Study found that 65 percent of executives have difficulty quantifying the qualitative benefits of cybersecurity technology. Thus, it may be beneficial to explain how robust cybersecurity parameters -- like multi-factor authentication (MFA), single-sign-on (SSO) and ransomware prevention services -- boost operational efficiency and decrease the likelihood of productivity losses associated with prolonged data or network outages. For context, IBM reports that the average data breach takes 277 days to contain.

Moreover, leaders must ensure their cybersecurity strategy is, well, strategic. The most reliable way to craft a tactical cybersecurity framework is to leverage threat intelligence. These insights -- driven by preventative security measures like continuous penetration testing -- allow leaders to understand cyber threats before they actualize. Unsure of where to start? It may be time to hire a chief information security officer (CISO) or consult a cybersecurity expert or managed services provider (MSP).

Organizations equipped with CISOs or MSPs are more likely to craft well-realized processes that prioritize innovative technologies and programs. Although this involves investing more on the front-end, it ultimately results in greater returns. According to BCG research, only enterprises with advanced cybersecurity architectures have time to respond to emerging threats. For context, mature organizations typically spend about $1,400 in cybersecurity per full-time employee (FTE), while unprepared and reactive enterprises spend just $600 per FTE.

Drafting a cybersecurity plan that is proactive instead of reactive is the most effective way to address cyber threats today. But whatever you do, don’t allow it to be your only step -- you must enact and maintain your plan. Otherwise, your enterprise may incur costs that are damning in the best of times and insurmountable in the worst.

Image credit: Anidimi/depositphotos.com

Jonathan Lerner is CEO and president of InterVision, a leading managed services provider, delivering and supporting complex IT solutions for mid-to-enterprise and public sector organizations throughout the US. Jonathan has spent the last two decades inspiring high-performance teams to define market differentiating strategies that deliver operational excellence and drive profitable revenue growth. His executive leadership spans multiple industries including financial services, capital markets, technology services, professional and managed services, retail, logistics, distribution, public sector, and telecom.