The Short-Term Impact of #COVID19 on the Cybersecurity Industry

As we work remotely and isolate ourselves from friends and colleagues as best we can, the impacts of COVID-19 will continue to hit the technology sector in terms of output and innovation. 

According to analysis released this week from recruitment firm Robert Walters, the UK’s tech industry remains the fastest growing sector in the UK and will maintain resilient as permanent job vacancies in the sector increased by 32.56%, and contract tech roles increased by 48.27% in comparison to the same period last year.

Ahsan Iqbal, director of technology at Robert Walters, said that as digital infrastructure becomes the focal point for many internal business discussions, he does not anticipate a cancellation or slowdown in tech projects. “In fact, there will be a revised focus on firms’ digital offering, with particular attention on improving e-comms channels through better CRM systems, upgraded website capabilities, improved security and enhanced accessibility and use of data.

“As pressure mounts in the coming weeks and months on IT departments to help support remote working capabilities as well as business continuity plans, firms will look to strengthen their teams with contract staff who have prior experience of in-house systems and will be able to hit the ground running.”

Despite this optimism, could it be the case that the cybersecurity sector will be critically hit in the short-term (from now and for the next six months)? Rick Holland, CISO and VP of strategy at Digital Shadows, said: “Historically, cybersecurity is a sector of the economy where spending still occurs even in economic downturns. There are risks to smaller and emerging firms, but sales revenue and the amount of capital raised provides resilience.”

“Historically, cybersecurity is a sector of the economy where spending still occurs even in economic downturns”

Wim Van Campen, senior director of EMEA Business at Lookout, said that it is “probable that the current disruption will shake-out weaker organizations leaving strong businesses in an even greater market position” and any firm that does not have the funds to perform essential business functions such as marketing, customer-facing services or trial offers will be at a significant disadvantage.

Is there a negative outlook for businesses in the cybersecurity industry, despite the optimism of market predictions? Steve Durbin, managing director of the Information Security Forum disagreed, saying that in the short-term, he doubted this would be the case. “If anything, we are seeing a light being shone on the already much talked about skills shortage: it is more likely that businesses will be exposed because they neither have in-house, nor external, access to the necessary skills to deliver their business operations with a remote workforce.”

Durbin said he did not see a short-term altering of budgets, but clearly this will come for many organizations as the crisis continues. “It would be an extremely short-sighted business leader who reduced cybersecurity staff at a time when the majority of the workforce is critically dependent on cyber to function.”

Etay Maor, CSO at IntSights, added that it is not a matter of the company size, but the value it provides its customers. “Companies will need to grow out of their siloed approach and show their value add in the likes of integration to other products in the security stack and providing professional services,” he said. “Even before the current situation, I heard CISOs talking about consolidation and integration of security offerings – they don’t want analysts sitting in front of eight different product screens and then working on tying the data they analyzed – they want less screens with more capabilities and integrations.” 

“Smaller startup cybersecurity firms could be amongst the worst hit by the challenges faced due to COVID-19”

It may be the case that budgets are reallocated within businesses. After all, with a reduced travel budget for the 2020-2021 financial year, could this mean more money for IT, as more IT support will be needed? David Greene, chief revenue officer of Fortanix, said that many businesses will have difficult budget decisions to make in the coming months, and hoped that companies “can see where small investments in cybersecurity can remove one set of worries and protect against adding to their list of challenges.”

Richard Hughes, head of the technical cybersecurity division at A&O Cybersecurity, explained that with considerable financial challenges to be faced over the next few weeks or months, there will be a reduction in spending in some areas to protect the business as a whole.

“We will almost certainly see budgets reduced across the board and I do not doubt that some companies with less mature information security programs may well consider that a reduction in their cybersecurity spend would be without consequence” he said. “Businesses will be looking to spend in areas where they can expect the greatest returns and whilst this is unlikely to be cybersecurity, those tasked with such decisions must consider that although cybersecurity programs rarely increase revenue, they almost certainly protect it.”

What about smaller firms and startups, who are just emerging into the daylight of the cybersecurity space? “With a booming global cybersecurity market, it is no surprise to see numerous smaller startup cybersecurity firms vying for a slice of the cake, but these companies could be amongst the worst hit by the challenges faced due to COVID-19,” he said. “Without an established customer base and repeat business to help weather the storm, smaller and emerging cybersecurity firms must seek new business to survive and herein lies the problem.

The cybersecurity industry requires a certain amount of trust, Hughes added, and with a lack of reputation, this will be difficult to build without a physical presence, whether that is a facility where you can host a client or a visit to the client's own offices, neither is compatible with the guidelines on travel or social distancing or with the readiness of individuals to put themselves at increased risk of infection.  

“Additionally, having activated business continuity plans, potential clients will likely want to focus on keeping the ship afloat with little appetite to enter into new business relationships. It is highly likely we will see some cybersecurity startups fail as a result of such difficulties.” 

Of the people Infosecurity spoke to about this, there was a real mixture of perspective on how businesses can survive, and how many would actually be able to survive. Dave Weinstein, CSO at Claroty, argued that regardless of how long it takes us to get through this global crisis, “businesses that take proactive measures to endure it will be in a much better place than those who continue to deny or ignore its severity.”

It is too easy to say in hindsight what steps could and should have been taken by businesses, and many would likely have wished that a greater investment would have been made into IT, remote working capability, BYOD and potentially even concepts like zero trust and software defined perimeters. However, this may be the normal situation for the next few months, and for those businesses that were prepared and that can be flexible enough to adapt, now is the time to act.

Infosecurity Magazine will be discussing the impact of COVID-19 on the information security industry in this upcoming webinar. Register now for free!

What’s Hot on Infosecurity Magazine?