Economic Forces Seen Putting Pressure on Some Cyber-Security Budgets

Economic uncertainty, interest rate hikes to combat inflation, and the negative effects of a strong US dollar on multinational businesses are placing increased pressure on corporate and infrastructure cyber-security budgets, according to Fitch Ratings.

"Cyber-security investment is not immune to overall budget cuts that could increase downside risk of attacks, but large companies, critical infrastructure, and regulated industries should fare better than small-to-medium companies in unregulated industries and lower margin sectors," a Fitch statement said.

The rating agency noted that spending on cyber security is often viewed as an added cost rather than an essential business expense. In addition, the return on investment can be difficult to quantify, unlike other types of spending. The losses from cyber attacks, however, are easily identifiable, Fitch said, including business interruptions, forensics, remediation, financial penalties, and risks such as brand damage.

Fitch noted that a large cyber budget doesn't necessarily mean better cyber security, Fitch said. "A better measure of cyber-security health is a qualitative assessment of a cyber-security program," the rating agency said. "A good security program features a transparent culture with board and management oversight, employee accountability and training, as well as operational resiliency."

Fitch noted that continuing technological change combined with the resourcefulness of cyber criminals will continue to challenge organizations looking to protect core systems and sensitive information. "Institutions that were deficient in budgetary allocations may face further difficulty in responding to or preventing cyber attacks if relegated to focusing on dollar spend instead of security outcome," Fitch said.