By Ayshwaria Lakshmi (cbedit@imaws.org)
After layoffs, the industry is faced with yet another crisis in hand– cutting expenses. The cybersecurity industry is not immune to this move. This has led CIOs, CISOs and security leaders to come under pressure to do more for less. This in turn means that they are left with only a couple of choices – reduce budgets, delay projects and payments. The majority of the Indian companies work for clients based out of the US. For months now, Companies in the US were laying off employees as they hired for growth that did not take place.
Vallabha Desai, Founder, of VAPT Consultants said that the companies have stopped opting for external consulting, and certification due to the stress on the budgets. His own clients who were to go for ISO certification, for instance, have decided to defer it as it costs and opt to go for documentation and configuration.
Companies often adopt a cautious approach to managing their finances and mitigate potential risks at the sign of a recession or an economic downturn. Companies are generally adopting cost-cutting measures, reassessing budgets, and optimising operational efficiency. Workforce adjustments, strategic prioritisation, and cash flow management are also common approaches. Additionally, companies are striving to remain agile and adaptable by exploring new opportunities and embracing digital transformation. The severity and duration of the recession, as well as industry-specific factors, influence the specific actions taken by companies.
Vallabha added that the stress on financials has made the companies put aside cybersecurity projects. “While this may not directly impact us, indirectly we are taking a hit as the companies delay projects or payments. Some companies have even opted to step away from external consulting,” he said.
Project delays and subsequent payment delays can occur due to unforeseen circumstances or misalignments in project scope and expectations. Employee layoffs that are happening in the market are the cause of organisations resorting to employee layoffs as the first step without exploring other options, explaining that there has been mindless over-hiring which they are trying to correct using the present situation.
These factors can impact the timely delivery and commitment of providers, leading to payment delays. Additionally, external economic factors, such as market downturns or budget constraints, can contribute to project postponements and payment delays. Effective communication and proactive problem-solving between providers and clients are crucial in mitigating these challenges and finding mutually beneficial solutions. “We are yet to see the impact to that level in the markets we are operating in, however, there is caution all around especially in the western markets compared to Asian markets,” said Pradeep Menon, Cybersecurity Evangelist and Director, Cybersecurity NxxT and Zacco Digital Trust.
Does it compromise security?
Suresh Kumar, CEO of Skybertech says it would not.
“Institutions have traditionally maintained high-security standards due to the critical nature of their operations,” explains Suresh. “However, it’s important to note that security risks exist across various industries, and other institutions should also prioritise security measures.” He also added failing to take security measures can leave them vulnerable to cyber threats and potential breaches. All organizations, regardless of industry, should strive to uphold robust security practices to safeguard their data, protect their stakeholders, and maintain trust in their operations.
Studies have also shown that Cybersecurity attacks escalate rapidly during economic downturns and recessions. Inadequate spending on security can lead to failure to protect against emerging threats leaving organisations highly vulnerable. Threat actors use fear and uncertainty as a tool to perpetrate more attacks.
For instance, areas such as SOCs ( Security Operation Centers) would face lesser hiring or a reduction in workforce. It can also identify redundant cybersecurity tools that would overlap with functionality or add those that have a better Return of Income (RoI). So in reality, he says that it’s mostly a reduction in cybersecurity hiring or procurement is what the market is facing right now. 
Arjun Venkat, an industry expert and IT consulting Leader with one of the leading IT companies shares his thoughts as follows – that the clients are not compromising on their spend related to Security & compliance aspects which remains to be the focus and key area for clients globally . “They are cautious on the spend towards any modernizations aspects.
Future to normality
SP Arya, Director Technology, Biztek Advisors, says while there is a caution in the market, the companies understand the need for a strong cybersecurity system in place. Times like these are when ransomware attacks and risks rise. He adds: “When it comes to Small and Medium in India, they do not understand the severity of the situation. They still lack the infrastructure for a right cybersecurity system. Large companies, though do not allocate large budgets, they do have cybersecurity at the priority.”
While the timeline for when the market will become steady is uncertain, market stabilization depends on multiple variables and is influenced by various factors, including economic indicators, policy decisions, and global events. Market experts agree that it would take a year or so for the situation to get better. Monitoring market trends, keeping informed about economic developments, and seeking insights from financial experts can provide a better understanding of when the market may start showing signs of stability.
BEST WISHES FROM
