Managing Cyber Risks in a Down Economy

During an economic slowdown, businesses often experience decreased sales and profit margins stemming from changing consumer behaviours, prompting them to reduce spending to avoid issues such as bankruptcy. In addition to these adverse effects, a down economy can also create heightened cybersecurity risks. Cybercriminals have historically capitalized on social and economic crises by leveraging public uncertainty to launch additional attacks, as evidenced by rising cost-of-living scams and numerous cyber losses throughout the COVID-19 pandemic.

Cyber Exposures in a Down Economy

An economic downturn could pose a variety of cyber risks for businesses of all sizes and sectors, including:

  • Limited IT spending abilities—In preparation for a recession, businesses may implement strategies to decrease spending and scale back certain operational costs. This could entail cutting IT expenses and, in turn, reducing available cybersecurity resources. While making difficult financial adjustments is common during a down economy, limiting IT spending may leave businesses unable to purchase new technology, conduct critical software updates and invest in advanced security solutions to address the latest cyber threats. Consequently, companies’ digital defences will likely degrade, making them increasingly vulnerable to cyber incidents and associated losses.
  • Elevated skills shortages—Labour shortages have recently impacted most businesses and have contributed to widening cybersecurity skills gaps within many workplaces. In the lead-up to an economic downturn, companies may implement hiring freezes or conduct staff layoffs, which theoretically could help decrease these skills gaps by allowing the talent pool to catch up with the demand for labour. However, shrinking workforces paired with rapidly evolving digital threats will likely only exacerbate demand for cybersecurity talent and compound skills gaps. Further, companies that limit or cut their cyber training programs as a cost-saving measure could encounter even larger skills gaps among their existing employees. As cybercriminals become aware of companies’ staffing changes, they may exploit these skills gaps by deploying additional attacks.
  • Increased insider threats—Poor economic conditions affect both businesses and individuals. Some individuals in troubling financial situations could be pushed to engage in activities they otherwise wouldn’t to help increase their incomes—namely, employee-orchestrated cyber incidents. These crimes may involve sharing confidential company data, distributing workplace login credentials or providing digital access to essential business assets in exchange for payment—all of which could result in costly cyber losses for impacted employers.
  • Compound cybercrime concerns—Apart from increasing insider threats, a down economy could also exacerbate existing cybercrime concerns resulting from external attackers. During the height of the COVID-19 pandemic, Canada saw a 45% increase in police-reported cyber crimes between 2019 and 2021, according to Statistics Canada. It’s certainly possible that history could repeat itself amid a future recession, taking already surging cyber incident frequency and severity to new highs.
  • Heightened nation-state exposures—When a country enters a recession, other nations may attempt to exploit its economic weaknesses and further destabilize its operational frameworks by launching cyberwarfare and other digital attacks against its citizens and businesses. As a result, several Canadian industries could be more susceptible to nation-state cyberattacks during a down economy. Specifically, businesses in the private sector could be targeted due to their integral involvement in promoting a sufficient flow of capital; similarly, those in the public sector could be attacked due to their contributions to vital infrastructures. Considering cyberwarfare incidents are currently on the rise due to the ongoing Russian war in Ukraine, nation-state exposures could be particularly concerning for many businesses.
  • Reduced innovation capabilities—As part of their decreased spending measures, businesses may cut back or completely eliminate funding for developing and adopting new cybersecurity solutions amid an economic downturn. However, cybercriminals’ attack methods will continue to advance, allowing them to exploit the shortcomings in companies’ prevention and response capabilities and exacerbate losses.

Cyber Risk Management Considerations

Businesses can consider these best practices to combat cyber risks in a down economy:

  • Have a plan. Cyber incident response plans can help companies to establish protocols for mitigating losses and acting swiftly amid cyber events. Successful plans should outline potential cyberattack scenarios, methods for maintaining essential functions during these scenarios and the individuals responsible for such functions. These plans should also provide procedures for notifying relevant parties of cyber incidents. Businesses should routinely review their plans to ensure effectiveness, making adjustments as needed.
  • Conduct training. Employees are often the first line of defence against cyberattacks. That’s why businesses need to make cybersecurity training a priority. Employees should receive the following guidance during such training:
    • Avoid opening or responding to emails from unfamiliar individuals or organizations. If an email claims to be from a trusted source, verify their identity by double-checking the address.
    • Never click on suspicious links or pop-ups, whether in an email or a website. Don’t download attachments or software programs from unknown sources or locations.
    • Utilize unique, complicated passwords for all workplace accounts. Never share credentials or other sensitive information online.
  • Purchase cyber coverage. Companies should consider purchasing dedicated cyber coverage to ensure financial protection against cyber losses.

Overall, it’s evident that businesses will encounter elevated cyber exposure in a down economy. Companies can reduce associated losses by better understanding these risks and taking steps to mitigate them.
