For the Record Straight-talking treasury
See all articles

Why it's Time to Rethink Your Cybersecurity Budget

The recent cyber-attack on easyJet is a wake-up call for companies that have been under-investing in cybersecurity. Rethinking risk models, restructuring templates and rearranging key teams is now part of every CTO’s agenda. In today’s digital world, cyber-attacks have grown exponentially and pose an incalculable risk to businesses. And that is before personal data privacy violations and regulatory-mandated fines are taken into account, both of which can not only instantly destroy customer trust but abruptly put companies out of business.

Airlines can’t seem to catch a break

In a statement last week, easyJet announced that the personal details, including email addresses and travel information, of nine million customers were accessed, including the credit card details of about 2,200 customers. According to Reuters, the attack is thought to have been conducted by a Chinese hacking group, although China has repeatedly denied carrying out cyber operations.

The easyJet hack reminds us of the attack on British Airways, which was first disclosed in September 2018. Details belonging to 500,000 customers were exposed and the company was subsequently fined £183m for breaking GDPR rules. To add to its misery BA, along with many other airlines globally, is now battling to survive as a result of the impact the coronavirus pandemic is having on air travel.

Cybercriminals are constantly on the lookout for vulnerable situations and vulnerable companies. We should expect no less, because this is how these people make their money.

But the counterweight to this is cybersecurity. Companies have recognised that cybersecurity is no longer an important expenditure, but a necessary one, which could mean the difference between survival and extinction.

The lockdown has brought to light failures in cybersecurity

According to Gartner, corporate spending on cybersecurity products and services currently sits at around $184bn globally. This figure is expected to grow to $250bn by 2023. It’s worth mentioning that Gartner made these predictions prior to the onset of the pandemic and the ensuing lockdown. A number of sources, including a recent LearnBonds.com report, are now predicting that cybersecurity may be one of the sectors that benefits greatly from a boost in spending due to the ongoing crisis.

The lockdown has exposed new risks and vulnerabilities in our technological substructures. Cloud security companies such as Okta, CrowdStrike and Cloudflare have been clear winners in the sudden shift to cloud computing, remote work and digital interfacing. A quick look at the Q1 earnings will confirm that. As the workplace becomes increasingly virtual, there are companies that are leveraging the shift to solidify their business models. These companies will be survivors because many of the things we think we may be going back to after this crisis simply aren’t going to be there.

What does the future hold?

The lockdown has caused mass disruption across countless businesses globally and may well have heralded a new, flexible way of working for employees. This will likely create many more points of entry for cybercriminals and companies will need to adapt quickly to this increased threat. Ensuring robust cybersecurity systems are implemented should be at the top of every company’s to-do list or they will risk being exposed and possibly face large fines for any breaches.

Having launched a cybersecurity ETF earlier this year, we are fully aware of the potential damage cybercrime can cause to businesses as well as the potential growth within the sector as a whole. Globally, CTOs and CFOs have already committed huge sums to cybersecurity over the coming years, but this crisis might just be the catalyst that makes them reassess whether the cash already committed will be enough.


Photo of Rahul Bhushan
Rahul Bhushan
Co-founder, Rize ETF