“Security leaders will need to adapt, swiftly, to speaking the language of the business in relating any necessary spend to key performance indicators, alignment with strategy and cost-saving initiatives,” Steve Durbin, Managing Director, ISF
As the number of cybersecurity threats has increased over the last decade, CISOs and their teams have benefited from budget increases. This wellspring of security spending was meant to help organizations create more resilient infrastructures, repel outside attacks and reduce the risks presented by data breaches and leaks.
And now the COVID-19 pandemic may change all that.
As stay-at-home orders begin to lift and some workers begin to return to physical offices, organizations large and small are coming to grips with the aftermath of staying closed for months, with indicators signaling that many parts of the world could slip into an economic recession, or worse, a depression. As a result, overall IT spending is likely to take a hit, which may affect cybersecurity budgets, as well.
Shift In Priorities
As parts of the world emerge from the COVID-19 pandemic, many organizations are reassessing their priorities, such as whether to bring staff back to offices or to keep employees at home to help reduce risk. With that, CFOs are making budget decisions based on overall economic factors that are likely to affect technology issues such as spending on technology and security infrastructure.
Steve Durbin, the managing director of the non-profit Information Security Forum, notes that many organizations are likely to focus on mission-critical projects that can return a profit. After that, it’s likely that the fallout from COVID-19 will affect security hiring, buying of products and services and other cybersecurity initiatives.
“Expect to see an increase in contractor hires—with a shaving of day rates—outsourcing service contracts where prices are keenly monitored and adjusted regularly, freezing of non-essential contracts such as training, non-essential travel becoming non-existent and unfortunately, the inevitable layoffs with associated pressure on salaries across the sector,” Durbin told Dice.
Durbin believes, however, that most of these cuts will be temporary and that forward-thinking organizations know that security can’t be slashed at a time when adversaries are finding more and more ways into enterprise networks. If CISOs are smart, Durbin added, they can use this time to strengthen their position within their organization.
“Security leaders will need to adapt, swiftly, to speaking the language of the business in relating any necessary spend to key performance indicators, alignment with strategy and cost-saving initiatives,” Durbin said. “We will see cutbacks and the need for effective management of resources will be key—but not at the cost of opening up our organizations to attack or reputational damage which hinders the return to business effectiveness and longer-term prosperity. We are set for a period of readjustment. A reboot is now in progress. And security has a chance to grab one of those seats at the table that it has been clamoring for to help in rebuilding our organizations and the larger economy in a safer, more security-manageable way.”