NetworkTigers discusses the possibility of a recession and how this might affect cybersecurity in 2023.

In 2022, the US has undergone what is known as a “technical recession.” This does not mean recession in the tech world, which by contrast saw a predicted growth of 6.7% market expansion over the past year and employed roughly 12.2 million workers. Instead, a technical recession is a term coined for two consecutive quarters with negative growth in Gross Domestic Product, or GDP. While President Biden and the Federal Reserve have yet to deem the economic situation a true recession, average Americans and certain business leaders argue that they have cause for concern given recent lack of economic growth and rising inflation. 

Would a true recession impact cybersecurity? How have past recessions spurred cybercriminals into action? Cybersecurity is a relatively stable field, but what might IT professionals expect during a US economic downturn?

How recessions drive cybercrime

Cybercriminals take advantage of any weakness to profit, and a recession is no exception. The FBI charted a 22.3% increase in reports of online criminal activity between 2008-2009. Additionally, Regulatory Data Corp noted that cybercrime rose by 40% in the two-year period following the 2008 recession. 

On the positive side, the IT landscape is much more evolved today than in 2008 in the early days of cybercrime awareness. Concerningly, however, the world is much more interconnected, and secure network access is at a premium in almost every industry. The stakes are higher than ever for cybercriminals, businesses, and individuals alike regarding a data breach. 

The average data breach in the US costs businesses over twice the global average, coming in at a price tag of $9.44 million. With so much at risk, companies should scramble to repair existing and prevent new cybersecurity weaknesses during such an economically unstable time. 

Cybersecurity in 2023: is it recession-proof?

One common belief is that cybersecurity is relatively “recession-proof” as an industry. Cybersecurity measures have become as fundamental to many businesses as electricity or internet access in the first place. For this reason, even though industry leaders fear market factors may negatively impact cybersecurity employees during a recession, there is still considerable demand for the skill set. 

Some worries that cybersecurity professionals may face during an economic downturn include:

• Hiring freezes: In a recession, job creation is one of the biggest challenges. Many companies freeze new hires or expect existing departments to take over extended roles. Because cybersecurity is a specialized field, reducing the rate of new hires with the most up-to-date skill sets may put businesses at risk. 
• Lower pay: When businesses are hurt, they may freeze pay increases or offer lower rates for new employees. While tech is considered a relatively stable industry with high earning potential, there may be lowered demand for new IT goods and software that may reverberate along wages. 
• Reduced access to higher education: Barriers to entry to higher education and IT training may create challenges for emerging cybersecurity employees during a recession. 

Automation vs. utility sector stability

Cybersecurity may be stable enough to be considered part of the utility sector of the economy, such as electricity or heat. Utilities are traditionally insulated from, although not immune to, radical market swings because of their steady demand. 

However, the main concern within cybersecurity job stability may be a threat of its own making. Automation often becomes the main investment area for businesses looking to reduce operating costs such as wages. While the development of automated cybersecurity measures may increase short-term employment for developers and designers, some worry about the long-term costs on wages and benefits for average IT employees. 

Prevention AI and machine learning may see increased expansion and focus as companies seek to reduce IT costs through wages and benefits. Automating access procedures and authentication may be a way to streamline IT department flow and reduce manual burdens, adding value to the overall. Whether automation will help or hurt IT professionals in the long run, is still a legitimate question. 

Expected outcomes of a possible recession

Some predicted trends in cybercrime driven by a recession may look like this:

• Increased phishing attempts: As uncertainty spikes, cybercriminals often try to take advantage of an atmosphere of fear by promising relief. Phishing attempts during a recession are likely to include terms such as “stimulus”, “debt relief”, or “loan”, and may see an increase in web traffic. 
• Rise in “insider threats”: Disgruntled or laid-off employees may become threats to their own companies due to insider knowledge of security protocols. 
• Unemployment-driven cybercriminal activity: Tech-savvy generations coming of age during a global recession may turn to cybercrime instead of adding to the league of white hats. A lack of well-paying and stable jobs can increase criminality due to a lack of other options. Because of the globalized nature of cyber threats, it is important to consider worldwide well-being in the tech sector.

On the other hand, cybersecurity as an employment sector has been shown to remain relatively stable despite market swings. As cybercrime rises, so too does the need for cybersecurity. Cybersecurity may be one of the best fields if the US does enter a true recession.