Why Security Is Needed In A Downturn?


There is no denying the fact that these are challenging times for the people in charge of information security. They are not only coping with the rising advanced threats to corporate data and network but in many situations, they are struggling to figure out solutions on tiny budgets and limited staff. Moreover, in the current declining economy, security attacks inevitably increase.

In the ongoing economic downturn, many organizations are cutting costs and security expenses, as these are considered to be the areas that can always survive a cash-crunch, whenever the conversation around money allocation gets tough and it becomes a question of where to spend or save money. In such circumstances, organizations and security leaders can employ certain immensely useful approaches that can help them combat these challenges.

The approach may include expanding of technologies that automate security processes, asking vendors for discounts on services and products, and even putting an effort to educate employees about the significance of security. Let us dissect how security can be managed better and can further drive innovation in the current economic slowdown.

How Security Threats Evolve During A Downturn?

The current downturn has increased job losses. As a result, security analysts are warning organizations to be cautious about protecting their network and data against disgruntled employees. As of today, one of the largest threats to corporate systems and enterprise data comes from the members who have privilege access to such systems. It enhances their capability and makes them more prone to act maliciously or cause accidental damage, in comparison to outside attackers.

This threat usually increases when the organizations are laying off staff, deferring promotions, cutting back on bonuses, or consolidating operations to save money. All of these circumstances generally arise during an economic slowdown and enhances the risk for the company from a stakeholder’s perspective.

Such threats often surface in several different ways. Users who have access to confidential information like corporate secrets or customer data might want to disclose or steal that information, for their personal benefit or just to seek revenge by inflicting these threats on the companies. Moreover, there are also many tech-savvy individuals or hackers, who are always looking to disrupt corporate data and systems by planning malicious codes or logic bombs that are developed to delete data on critical systems.

Why Invest In IT Security During a Downturn?

The current downturn in the economy is encouraging cyber crime all around the world. Cybercrime covers a vast range of threats including cyberstalking, hacking, malicious software, and a lot more.  This makes it more important than ever to invest in cyber security.  The following are some strong reasons why having cybersecurity in your organization could prove vital in these times.

  • Many IT employees are losing their jobs and this is giving them more leisure time, exacerbating their chances of committing cyberattacks.
  • Less focus on cybersecurity provides an opportunity for the attackers to take advantage of the opportunity. As companies are concentrating on the downturn, it is weakening the capabilities of cybersecurity, and slowing down their efficiency to dominate the fight against cybercrime.
  • The downturn can force organizations to reduce their workforce and cut-back the salary of their employees. As a result, disgruntled employees might turn towards stealing sensitive information and selling it to their competitors for a profit.

Ways To Manage Security In Downturn

To tackle security threats, companies or organizations must possess an appropriate level of security to run their operations seamlessly. Here are some of the ways to maintain a standardized security level during a downturn.

1. Have The Right Members In Your Team

As budgets get slashed, the organization will require its best people to be at the helm. Having the right team, working on the core security is more significant than anything else, because you will have to trust and rely on them even more. The members of such a team, shall not only have a unique set of skills but must also adopt a resilient mindset.

It is also recommended to repurpose people to evade lay-offs, as much as possible, and strategise more efficiently. For example, O365, 2FA, event management and security systems enabled the automation of more events. The members who were in charge of the tasks before, now consequently got reassigned.

2. Prioritize Based on Risk

In the current economic scenario, some risks may not be worth the investments. What this implies is that businesses should know how to get their priorities in order. Choices made on spending should influence not only those areas where risks lie but also in domains where the immense opportunities exist.

Managing information security to obtain strategic benefits in the declining economy also implies that tough judgment calls will be unavoidable. Especially when an organization evaluates which risks are to be immediately addressed and which aren’t worth the costs. For instance, if a large bank invests in a customized solution to minimize fraud, it will have to look at a cost of around 3 million dollars annually, in order to operate with the bells and whistles.

It is thus recommended to shift the focus from the development of the latest security technologies to a united security approach that covers the domains where the organization is heading towards. Moreover, organizations can get funding for their risk management efforts, if their security controls can address several areas of risk at once by using multipoint solutions. By understanding who has access to what systems can further assist the prevention of frauds.

3. Outsource And Automate Wisely

Organizations are suggested to properly probe and investigate all the connections before deciding on outsourcing any of your services. Outsourcing does sometimes cut costs and create effectiveness, however, organizations should consider that it also places additional security risks on the business, as the cost-cutting may not have all the services that were expected. Furthermore, in the case of outsourcing, where you have no option but to trust another party with the confidential information of the organization, there is always a possibility for potential data loss.

4. Developing Repeatable Processes

Creating well-regulated pathways of doing business can go a long way in creating the effectiveness of data security. Often, different units have different ways of performing the same functions. However, there are incredible opportunities for the organization to leverage its assets by hiring other teams to minimize the cost of assuring protection of the company.

The group may include IT, finance, or audit. Hence, it is essential to look at how effective the past practices have proven to be, before replicating them as is. Following this approach may ultimately help the organization to trust and utilise the information acquired from its internal partners and manage the organisational security more efficiently.


Difficult economic times may lead to more security attacks. Therefore, managers must pay attention to and work upon the above-discussed factors to ensure security throughout their organization. They must consider tweaking and enhancing several security aspects including critical day-to-day operations and security strategies, in order to ensure efficient and effective organizational security.

Matt is a global CISO with 20+ Years of Directing International Security Programmes for Multi-Billion Pound Organisations. With a passion for security and a cybersecurity evangelist.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.