Cybersecurity, Recession Fears Giving CEOs Sleepless Nights

There’s more than one issue keeping CEOs and other top executives up at night.

First, let’s take the economy. A year ago, a global economic slowdown seemed a distant concern. But as trade talks between China and the U.S. drag on, and politics becomes more unstable throughout the world, fear of a recession has increasingly crept into conversations.

At the same time, growing concerns of a cyberattack or massive data breach have executives looking over their shoulders, wondering if their internal security is good enough.

Let’s not even mention the talent gap and how to fill it.

This rather gloomy assessment of what executives fear is part of a recent report, C-Suite Challenge 2019, issued by The Conference Board, an international think tank. The results are based on interviews with 800 CEOs in the U.S., Europe and Asia, as well as 600 other high-ranking C-Suite executives.

For almost all executives around the world, fear that trade wars could ignite a global recession now ranks as the Number 1 external concern. At the same time, attracting and retaining top talent is seen as the greatest internal concern.

Increasingly, cyber-security (especially in the U.S.) is beginning to outrank many other concerns, especially as the cost to clean up and recover from incidents increases. A study from Radware places that number at about $1.1 million for each incident. Conversely, in Europe, there’s a greater concern over regulatory and compliance issues (think General Data Protection Regulation in the EU) that’s a direct response to these types of breaches.

CEOs are also concerned about how technologies are disrupting their business models and the need to respond with their own digital transformation initiatives.

Dr. Rao Papolu, founder, chairman and CEO at Cavirin, a Santa Clara, Calif.-based provider of cybersecurity risk posture and compliance for hybrid cloud platforms, believes these kinds of reports demonstrate how businesses need to attack the problem of cybersecurity and talent retention together. In short, better employees can help better secure the enterprise.

“Given that the top U.S. CEO external concern is cybersecurity, hiring focus will be on individuals with the skills to go on the offense against the hackers versus the defense,” Papolu explained in an email.

“Basically, as opposed to waiting for something to happen and then taking action, or a defensive posture, they must put in place the processes, people and technology to avoid issues in the first place, or to quickly identify any breaches via continuous monitoring,” Papolu added. “This is an offensive posture. And, as opposed to a recession or trade war, which you may see coming, an attack may be instantaneous, targeted against an increasingly complex hybrid cloud attack surface. Yet another reason for concern is that most companies are woefully underinsured for cyberattacks, and based on the severity of the attack, people may actually be sent to jail.”

While it might be easy to dismiss some of these conclusions as overblown, The Conference Board study reflects similar findings from a recent World Economic Forum (WEF) report that looked at the global risks businesses are likely to face in 2019.

The WEF report found that only natural disasters and climate change outranked cyberattacks and data theft as the greatest concerns facing businesses and governments around the world.

What else made the Top 10 in the WEF survey? How about “Asset bubbles in a major economy,” which certainly sounds like the beginnings of a recession.

Jack Kudale, founder and CEO of Cowbell Cyber, a cyber risk and insurance observability platform based in San Francisco, noted that, although spending on cybersecurity has increased over the past three years, concerns of a recession and the growing cost of cleaning up from an attack will ultimately shift how businesses spend their money, including on security talent.

“There are three main drivers of this, despite their relative spend on cyber-security being at an all-time high for the last three years. This includes: the frequency and correlation of cyberattacks, businesses lack of ability to prove loss from breach to their insurance carrier, and finally the carriers imperfect ability to align coverage to their ever-changing cyber-risks,” Kudale wrote in an email to Dice.

“We are currently at a realization point where anticipated recession concerns, coupled with dealing with an already shortage of skills, will drive a shifting of dollars from cybersecurity to cyber risk and insurance mitigating financial loss in the aftermath of cyber-attacks,” Kudale added.