A recent study conducted by HackerOne, the world's largest ethical hacker community, revealed that half of the surveyed organizations experienced a surge in cybersecurity vulnerabilities in the last year. This alarming trend has been attributed to security budget cuts and layoffs. At a HackerOne event, researchers, along with ethical hackers and leaders from Sumo Logic and GitLab, discussed the economic impacts of this issue.
The experts emphasized the critical role of DevSecOps, machine learning, and artificial intelligence in mitigating security risks during an economic downturn, particularly in light of the current vulnerable state of organizations. They also highlighted how some companies are achieving more with less in the face of these challenges.
The survey reveals that 75% of the surveyed companies are experiencing difficulties in managing cybersecurity effectively due to economic reductions like budget cuts, hiring freezes, and layoffs. While these cost-saving measures may seem beneficial in the short term, cutting back on cybersecurity investments can lead to severe consequences for companies in the long run.
In addition, the FBI's report in 2008 and the recent pandemic make it evident that cybercrime tends to surge during times of economic recession and crisis.
According to Acronis, the average cost of a data breach is now at an unprecedented high of over $5 million, which is expected to increase by 2023.
Furthermore, with the continuous changes in the regulatory framework, compliance risks are also on the rise, and companies are finding them difficult to manage.
George Gerchow, chief security officer and senior vice president of IT at Sumo Logic, said, “Whenever there are times of high anxiety, such as an economic downturn coming off of a pandemic, bad actors are at their best. I’ve seen a few companies impacted by the tightening of the budget strings, but I can tell you that at Sumo, it hasn’t happened. We’re probably investing more heavily than we ever have. I think it’s a real mistake when companies start cutting back on their budget around cybersecurity, especially during these times.”
Despite 84% of companies expressing concern about the financial and reputational harm that could arise from cybersecurity breaches, the HackerOne report shows that many of them have implemented or plan to implement cost-cutting measures that impact their security teams. The report reveals that over the past year, 39% of companies have already made cuts to their security teams, and 40% plan to make similar cuts in the coming year. Such actions, according to Gerchow, have direct and indirect consequences that are often disregarded.