Times are hard, but don’t skimp on cybersecurity


Excessive monetary tightening has ushered in a period of economic instability for businesses in each developed and developing countries. That is, understandably, causing alarm bells for business leaders, who had hoped for some reprieve post-pandemic.

While some businesses are considered recession-proof – reminiscent of grocery stores, healthcare providers, or those with a market monopoly – on account of the essential goods and services they supply, most businesses feel the sting of inflation through increased costs of wages, overhead, raw materials, and inventory, in addition to supply chain disruptions and changes in demand.

At times like these, businesses want to cut costs – but they must be smart about this. As explained by Oracle Netsuite: “Broad untargeted cuts might be unsustainable and impede growth. [Businesses should] analyse which expenses are essential to the core function of [their] business and which might be cut without impacting profitability.”

This got me fascinated about businesses’ insurance and risk management spend, particularly for discretionary purchases like cyber insurance. If firms aren’t contractually obliged to purchase cyber insurance – which is just not yet a standard practice – they could opt to chop costs by reducing their cybersecurity spend, or foregoing cyber insurance coverage altogether.

That’s problematic in some ways – at first, because all businesses (no matter size or sector) are vulnerable to cyberattacks and breaches. In the event that they’re not prepared for an almost inevitable cyber incident, they might potentially suffer a loss that puts them out of business, either through sheer financial devastation or through the slow burn of disrepute.

Nevertheless, cybersecurity comes with a price. While basic items, like enabling multi-factor authentication (MFA) on networks and applications, are very low-cost (sometimes free) to implement, other tools like endpoint detection and response (EDR) and securing appropriate backup and network segmentation include quite the value tag.

Moreover, because the cyber threat landscape evolves – and it’s at all times evolving, with bad actors seemingly one step ahead in any respect times – firms must update their cybersecurity in tandem. It’s an ongoing business expense, which is a smart investment within the grand scheme of things, but an actual pain when firms are teetering getting ready to financial hardship.

In addition to investing in cybersecurity measures, firms even have the choice to buy cyber insurance. As I discussed, this is usually a discretionary insurance purchase – but it surely is one which more firms should consider, especially on this elevated threat landscape.

Nevertheless, cyber insurance is basically expensive. It has been for the past few years as cyber insurers have responded to a plague of very costly ransomware attacks and data breaches. My concern is that companies are the value tag, and so they’re considering the inflationary pressures in the worldwide economy and UNCTAD’s warning that we’re “on the sting of a world recession”, and so they’re going to say: “No thanks!”

If firms reject cyber insurance, and so they fail to effectively self-insure their cyber risk by investing money and time into their cybersecurity, then they’re sitting geese for potentially business-destroying cyber events.

The message is straightforward – and it’s one which insurance brokers ought to be considering internally, and communicating externally with clients: Irrespective of how hard times could also be, or how dire the economic outlook is, don’t skimp in your cybersecurity spend. In the event you do, the implications might be catastrophic.


Leave a Reply

Your email address will not be published. Required fields are marked *