[ad_1]
Security chiefs will likely be told to do more with less in 2023, as economic uncertainty batters budgets and companies brace for a potential recession.
While cyber vendors have seen their funding squeezed and have cut staff, security functions at major companies have mostly been spared the worst belt-tightening moves so far, chief information security officers say.
“Security is a function that’s nonnegotiable in many places. At least to some extent, the business understands that you can’t take that out,” said Mandy Huth, vice president of cybersecurity at bathroom fixtures manufacturer Kohler Co.
Even if security budgets stay intact or remain flat, inflationary pressures have forced some suppliers to raise prices. That leaves security teams, in real terms, working with fewer resources, Ms. Huth said.
At banking giant
Wells Fargo
& Co., Chief Information Security Officer Sunil Seshadri works to negotiate contracts with security providers that tie prices to performance. “Then you have predictability of costs,” he said.
Worsening economic conditions may also pressure CISOs to be more careful with their resources and technology. Shamla Naidoo, global CISO at
International Business Machines Corp.
until July 2021, said there wasn’t much oversight of security spending in recent years, as boards lacked the digital experience to effectively gauge its return on investment.
With tighter budgets, closer scrutiny is likely, she said.
“Nobody’s asking us to cut, but there’s certainly I think going to be a conversation about efficiency,” said Ms. Naidoo, now head of cloud strategy and innovation at cybersecurity vendor Netskope Inc.
Senior leaders at Wells Fargo know it is important to spend wisely on security, Mr. Seshadri said. Still, the company isn’t “shy about investing in cybersecurity,” he said. “It’s not a space we want to penny-pinch.”
In critical-infrastructure sectors, cybersecurity projects will likely be spared spending cuts, said Grzegorz Bojar, chief information officer at
Polskie Sieci Elektroenergetyczne SA,
the operator of Poland’s electricity-transmission system.
“Nobody is so brave to save money on that now,” he said, referring to cybersecurity measures. The war in Ukraine increased cyber threats to European utilities, in particular, he added.
Pressure may come from other avenues. Inflation is pushing wage demands higher and the scarcity of cyber professionals—particularly within highly technical industries such as power—means security staff are in demand, Mr. Bojar said.
“For us, of course, the limit is the money. The salaries rise very, very dramatically. That is a problem,” he said.
Ms. Naidoo said security chiefs may want to consider zero-based budgeting exercises to test accounting in which all expenses are approved and justified in each budgetary period. That would force security departments to look where they most effectively deploy resources.
“The reality is that when you’re facing recessionary type threats, and you’re facing inflationary conditions, we all have to look inward and ask, ‘What would I do differently if I were building this from scratch again?’” Ms. Naidoo said.
Cuts in staff and budget in areas such as marketing, sales and general technology can put even more pressure on security as cash-strapped bosses turn to outsourcing or quick fixes.
Cyber staffs will need to vet third-party services while installing safeguards against new avenues hackers could exploit, Kohler’s Ms. Huth said.
“If we can’t do head count [increases], then when business demand comes in, or you’re bringing in contract labor, it absolutely increases your risk, because those are additional resources that you have to manage,” she said.
Even large, established companies with the financial muscle to expand security teams, and which plan to do so in 2023, say they face uncertainty. Retail giant
Amazon.com Inc.
hopes to grow its security team, said Chief Security Officer Stephen Schmidt, despite a company-wide hiring freeze and layoffs for up to 10,000 workers elsewhere in the company. Mr. Schmidt expects to be able to hire for critical roles at first, and possibly for more roles in later months.
“Is the team going to grow this year? I expect that we will, it is our plan. Of course, given the way the economy is right now, who the heck knows what’s going to happen in the future,” he said.
—Kim S. Nash and Belle Lin contributed to this article.
Write to James Rundle at james.rundle@wsj.com and Catherine Stupp at catherine.stupp@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
[ad_2]
Source link