Four Reasons for CISOs to Maintain (or Increase!) Their OT Security Budget During A Recession

Psst….Don’t look now, but the global economy might be entering a recession. Yeah, yeah, you already know that. Everyday you’re reading about tech industry layoffs, stock market dips, and general economic belt-tightening.

What does this mean for your OT security budget? Should you consider making cuts now to save your organization money?Well, we are a leading OT cyber security company, so you can already guess what we think. 

But let’s get some objective input from industry experts, and offer some concrete reasons why now is actually the time to consider raising the amount your organization spends to keep its OT network secure. 

The good news is that most companies already know that cyber security spending is vital to an organization’s health. Experts believe that most companies will be reluctant to cut back on OT security even if the economy continues to point downward for a while. Analysts are reporting an overall rise in investments in companies that provide cyber security services.

Gartner has predicted that “By 2025, cyber attackers will have weaponized operational technology (OT) environments to successfully harm or kill humans.” In order to combat what may be an oncoming wave of attacks, now is the time to plan for your long term OT security strategy. Waiting until the economic conditions are better may be too late.

However, even if you understand the need to maintain your security budget, it is possible that your organization’s upper management is deciding if OT cyber security resources are a good place to make cutbacks in the coming months, and you may need to convince them otherwise.

We’re here to help you lay out the case, with five good reasons to maintain or increase your OT security budgets during a recession.

1. Preventing an attack is cheaper than cleaning up after one

The costs of an OT security breach are well-known. Threat actors who successfully breach an OT network are demanding ever higher ransom amounts from their victims in order to unencrypt data or avoid publishing it online. Estimates put the total global annual cost of ransomware attacks at upwards of $20 Billion dollars.

If your organization is the victim of a ransomware attack, it may cause production to shut down, while you restore data or try to recoup your encrypted data. Even paying the ransom may not be enough to stop the damage.

But a high financial payout isn’t the only cost of an attack. OT attacks, unlike IT attacks, can result in physical damage, which means an attack risks the safety of workers and, depending on the industry, members of the public as well. 

2. Threats get worse during economic downturns

Management may see times of economic downturn as a reason to tighten budgets and save OT security upgrades for better days when they are more flush with cash. However, that thinking is incorrect because weakened economies create the exact conditions in which threat actors thrive. Recessions are a great time to be a criminal. 

During the recession of 2008 cyber crime rose nearly 40%. Threat actors know that companies may be financially distracted and will use the opportunity to target organizations that may be vulnerable. They assume that their targets will be more willing to shell out big bucks to avoid slowing down production during precarious times. 

3. Uncle Sam Wants You To

Large publicly traded companies in the United States may soon have an additional incentive to shore up their OT network security despite the recession. New proposed rules by the SEC may soon make it obligatory for publicly traded companies to disclose any “material cybersecurity incident” publicly within four days of the attack. If you suffer a breach, your shareholders and the public will know about it. 

If the stock market is a little soft, management should be concerned about the effects of an OT cyber security attack on their stock price. Investing in a comprehensive OT security solution is the best way to help prevent an attack.

4. Your customers want you to 

Imagine you are searching for a vendor to deliver a multi-million dollar order of manufactured goods on a deadline. One factor you would likely consider is which vendor is least likely to have to shut down or delay production due a cyber security issue in their OT network.

Customers are already experiencing delays due to global supply chain issues, and they will be reluctant to do business with a manufacturer who may not be able to deliver on time.

Whether your industry is pharmaceuticals, raw materials manufacturers, automotive, critical infrastructure or any other manufacturing, any major producer will have an easier time convincing potential customers to trust them to deliver a product if they know proper OT network security protocols are in place. 

SCADAfence Recommends

Now that we’ve convinced you that 2023 will be the perfect time to upgrade your OT security solution, here’s some tips on how to find the best solution for your network. (or read our recent summary of Gartner’s advice.)

Look for a vendor that has all the robust features you need to secure your network. It's more cost effective to find a vendor that has everything you need for OT security, rather than having to put together a solution piecemeal. Look for a solution, like the SCADAfence Platform that can handle asset discovery and inventory management, threat intelligence, government compliance and can scale as your business grows. It’s also important that your solution can integrate with other technologies that you have in place for your IT network, such as remote access monitoring. 

Another option is to use a managed services solution. Partnering with an MSSP will allow you to increase security while adding fewer resources and giving you access to security experts who will help you monitor your network.

To see the SCADAfence Platform in action, or get more information, request a demo today.