Can Cybersecurity Firms Survive the Upcoming Global Recession?

In this brief video, Mike Barker, CRO, OPSWAT, Kerry T. Bailey, CEO, eSentire, and Matthew Moynahan, President & CEO, OneSpan, shed light on the broad effects of the global recession on the IT sector and whether the cybersecurity sector will be able to navigate the crisis. The experts also outline the ways IT companies can remediate the impact of the downturn.

Key Highlights

• Will the Upcoming Recession Impact the IT industry?
• Will cybersecurity companies remain immune to the recession?
• Precautionary measures companies should take amid the recession

Read the full transcript of our conversation with Mike Barker, Kerry T. Bailey, and Matthew Moynahan here:

SPICEWORKS: In light of record-high inflation and an ominous macroeconomic landscape driven by Russia’s invasion of Ukraine, Goldman Sachs now predicts a 30% risk that the U.S. economy will enter recession over the next year, up from its earlier prediction of 15%. Goldman Sachs. Its impact on the IT sector is already evident. The top tech companies like Apple, Google, and Meta are slowing down the hiring process. Even a federal reserve economic survey has warned of soaring inflation and elevated recession fears. No industry could hope to avoid deteriorating economic conditions. 

However, many analysts believe the cybersecurity sector is likely to be spared. But is it true? Let’s find out what the experts have to say.

PLATE 1: Will the Upcoming Recession Impact the IT industry?

MIKE BARKER: With the potential upcoming recession, we don’t see a large impact across companies, especially those going through the middle of their digital transformation journeys. Most companies are still going through those journeys today. There may be a potential change in their prioritization and where they focus their investment as they go forward. But that will continue to be prioritized around cybersecurity.

KERRY BAILEY: If you look at our industry or any industry in general, we’ve had about 12 years of a bull market. All we knew was growth. But the one thing we just went through is probably one of the sudden downturns we have ever seen. And in that sudden downturn called the pandemic, we saw significant growth in modern IT solutions. You saw the cloud industry growth. You saw cybersecurity growth. Look, I think we’re going to see a pullback. However, we’re in a good position with these modern IT solutions that may continue to weather the storm and be critical to the businesses and how they operate. 

PLATE 2: Will cybersecurity companies remain immune to the recession?

MATTHEW MOYNAHAN: I believe cybersecurity will probably fare better than most sectors of the IT industry. Every single downturn has proven that hackers become more active and try to take advantage of companies going through economic strains, which in turn translate to strains on employees, particularly in a post-pandemic world where most of the workforce still has not returned to office. Hackers’ primary attack surface is people, and during economic times, that population experiences more stress, leading to a more favorable time. Ironically, to attack organizations than in peacetime. That said, the spending should continue to favor cybersecurity over other IT segments in an economic recession.

MIKE BARKER: With the potential recession and how it affects cybersecurity, companies definitely see an increased focus and prioritization around those attributes and cybersecurity. When discussing IT and their investments, you know there’s increased focus on presidential orders, like the NATO and cybersecurity focus with additional compliance regulations. So, cybersecurity will remain at the forefront as we look at budgets. We don’t see a huge impact from a cybersecurity point of view, especially as attacks continue to increase as we’re seeing today. 

KERRY BAILEY: When you look at the modern solutions that are in IT today that enable businesses, you think of the cloud, cloud infrastructure, and all of the things that we’ve done over the past several years in these big growth markets to enable companies to operate more digitally. They’re going to do pretty well during these downturns. You’re going to see cybersecurity as one of those most critical areas that help a business to operate in a very distributed world overall. We learned through the pandemic that those modern IT solutions and the industry did well. During the pandemic, we had one of our biggest years ever in cybersecurity because it was critical to businesses, critical of how they operated.

PLATE 3: Precautionary measures companies should take amid the recession.

MATTHEW MOYNAHAN: I would really encourage all executives, regardless of sector, to think through how to be defensive. It’s by ensuring you’re cutting expenses and managing cash flows appropriately. Also, balancing the capital allocation to take advantage of some of the benefits of a downturn by allowing you to be aggressive on the partnering or M&A front valuation. This certainly has become compressed and presented an opportunity for acquisitions of teams or technologies that might have been out of reach from a valuation perspective in a more frothy economic environment than it looks like is coming upon us. The balance of offensive and defensive capital allocation would be prudent to get through the upcoming recession regardless of how deep it is.

KERRY BAILEY: The first measure you must consider is the threat mindset. The adversaries are not going to take a day off. They’re not going to see a down market. They will view this as an opportunistic approach and come at us harder. So think threat visibility, an immediate containment. The second measure is that there will be companies facing cut operating budgets. But think of Newton’s third law. For every action, there’s a reaction. Think about the threats that you’re going to face. Where the vulnerabilities are and how you will protect your business operating overall. And the third one – you’ll have to expect the worst case. Are you prepared if you are attacked and have a breach? Do you have an IR plan? Do you continue your team’s education and cyber awareness so they’re not clicking on those phishing events? You’ve got to make sure you stay prepared from the beginning of education through incident response.