IT cybersecurity teams should brace for upcoming budget cuts as the economic jolt from the coronavirus (COVID-19) pandemic prompts businesses to reevaluate their overall spend, industry analysts told The Wall Street Journal in a new report.
Even as cybersecurity threats increase exponentially, the pandemic could influence companies to allocate fewer dollars to defend themselves, pare supply chains, postpone projects and adjust budget priorities. What COVID-19-related rethinks should corporate cybersecurity defenders expect going forward?
Here are the views of four industry analysts:
Belt tightening. “Security will have to tighten its belt just like everyone else,” Paul McKay, a Forrester senior analyst, told the WSJ. Cybersecurity business units have typically skirted corporate budget cuts but that’s likely to change in the COVID-19 economy. Once the overall technology budget gets cut the cybersecurity business will likely get red-lined as well, he said.
Spending uncertainty. “The uncertainty that is coming as a result of the health crisis, the economic crisis, the social crisis—it has put a lot of organizations on edge when it comes to spend,” Sam Olyaei, a Gartner research director, told the WSJ. IT cybersecurity departments should be prepared for budget cuts and possible staff layoffs, he said.
Changing priorities. With COVID-19 forcing many businesses to reorient personnel to teleworking, more cybersecurity funding has and will be allocated to locking down remote connections, network access, virtual private networks and secure communications, Olyaei told the WSJ.
Supply chain adjustments. Smaller, third-party suppliers, key to the supply chain, might see some of their IT cybersecurity business slip or slide away. Olyaei said. Also, businesses might turn to larger suppliers whose products and services may cost less, said McKay. “You’re going to see people have to go through all their security tools line by line and really justify why they’re there,” he said. “There are a lot of security tools in organizations that are shiny nice objects but aren’t really doing much for the business.”
Project delays. Businesses facing budget cuts may have to put large projects on hold until they can stabilize under COVID-19’s financial load, Frank Dickson, an IDC vice president, told the WSJ. It may take as long as two years to make up for postponed cybersecurity projects, he said. “It’s not a 2020 conversation when we talk about the impact of Covid. It’s a 2021 and a 2022 discussion.”
Automation. Owing to budget constraints, cybersecurity departments may need to automate tasks currently performed by employees, William Dixon, who heads operations at the World Economic Forum’s Centre for Cybersecurity, told the WSJ. “You’ll see huge pressures on companies and organizations, so finding the additional budget for cybersecurity while people are fighting for their survival is going to be difficult.”
Amid those realities, some cybersecurity companies have already cut some headcount in order to preserve cash.