With a potential recession on the horizon, we know you want resources to help your business master the moment. We've put together our Agility & Excellence Resource Center to bring you strategies and solutions with a finger on the pulse of what's ahead.

Changing consumer behaviors in response to a potential recession have prompted many companies to reduce their operational spending. This side effect of an economic downturn can heighten cybersecurity risks. Cybercriminals have historically capitalized on social and economic crises by leveraging public uncertainty to launch additional attacks.

Your business must recognize the impact of cyber exposures from a recession and adjust operations accordingly.

How a Recession Could Alter Your Cyber Exposures

An economic recession could pose a variety of cyber risks for businesses of all sizes and sectors, including:

Restricting Your IT Department’s Spending Power

If your organization reduces its operation's IT budget in preparation for a potential recession (or any other reason), this will impact the availability of cybersecurity resources. This can leave your businesses incapable of purchasing innovative technology, conducting critical software updates and investing in advanced security solutions to address current cyberthreats. This will consequentially lower your company’s digital defenses and increase vulnerability to cyber incidents and associated losses.

Creating a Shortage of Highly Skilled Workers

Labor shortages have widened cybersecurity skills gaps within the workplace. Economic concerns will lead businesses to initiate hiring freezes or staff layoffs. However, reducing your workforce combined with rapidly evolving digital threats will only exacerbate the demand for cybersecurity talent and compound skills gaps. Further, companies that cap or eliminate cyber training programs for cost savings could face even larger skills gaps among existing employees. Cybercriminals will utilize staffing alterations to exploit these skills gaps with additional attacks.

Rising Vulnerability to Insider Threats

A recession can force some individuals into difficult financial situations. They may become desperate and engage in activities to help bolster their incomes. The security company Palo Alto Networks’ recent survey confirmed that economic hardship can lure individuals into committing cybercrimes against their employers. In exchange for payment, an employee will:

• Share confidential company data
• Distribute workplace login credentials
• Provide digital access to essential business assets

Compounding Cybercrime Apprehensions

An unstable economy can exacerbate existing cybercrime concerns from external attackers. The FBI reported a 22% increase in cybercrime during the last major U.S. economic downturn ― the Great Recession (2007-2009). Amid a future recession, there’s a strong possibility that history could be repeated in light of already surging cyber incident frequency and severity.

Heightening Concerns of Nation-State Exposures

During a recession, other nations may attempt cyberwarfare and other digital attacks to exploit economic weaknesses and further destabilize their operational framework. Several U.S. industries are more susceptible to nation-state cyberattacks during a down economy. Private sector businesses are targets due to their fundamental involvement in promoting a sufficient flow of capital. The public sector is vulnerable to an attack based on its contributions to vital infrastructures. Businesses should be concerned as the Russia-Ukraine war continues to escalate nation-state exposures.

Lowering Innovative Protection Solutions

Organizations traditionally look to cut back or eliminate operational funding for developing and adopting new cybersecurity solutions during an economic slowdown. However, cybercriminals’ attack methods will continue to expand and exploit the shortcomings in companies’ prevention and response capabilities to exacerbate losses.

Recession-Proof Cyber Risk Management Considerations

To combat cyber risks in a down economy, businesses can consider these best practices:

Establish a Cybersecurity Planning Guide

A cyber incident response plan will assist your business in establishing protocols that mitigate losses and swiftly respond to cyber events. Successful strategies should outline cyberattack scenarios, identify procedures to maintain primary functions during these scenarios and designate the individuals responsible for these functions. These plans should provide processes to notify relevant parties of cyber incidents. Routinely review your strategies to ensure effectiveness and adjust plans as necessary.

Conduct Routine Cyberattack Prevention Training

Employees are often the first line of defense against cyberattacks. Your organization must make cybersecurity training a priority. Ensure the training includes guidance to:

• Prevent opening or responding to emails from unknown individuals or organizations. Remind employees they can verify a trusted source’s identity by double-checking the address.
• Refuse to click on suspicious links or pop-ups on emails and websites. Don’t download attachments or software programs from unknown sources or locations.
• Utilize unique, complicated passwords for all workplace accounts. Never share credentials or other sensitive information online.

Work With Your Broker to Secure Cyber Coverage

Sufficient insurance coverage for your operations is especially important during a recession. Consider purchasing dedicated cyber coverage to ensure financial protection against cyber losses.

We’re Here to Help Your Business Operations During Economic Uncertainty

Businesses will encounter heightened cyber exposures in a down economy. You can reduce your losses with a better understanding of these risks and mitigation opportunities. Connect with a member of our team for additional risk management guidance.