Companies are preparing for possible cuts to cybersecurity budgets because of the economic downturn triggered by coronavirus lockdowns, industry analysts say.
The pandemic has caused a range of businesses to furlough or layoff employees and freeze technology and cybersecurity projects as they anticipate a financial hit from the health crisis.
“Security will have to tighten its belt just like everyone else,” said Paul McKay, a senior analyst at Forrester Research Inc. In recent years, corporate cybersecurity budgets were often shielded from cuts in other business areas, he added, but this will likely change for some companies.
Cybersecurity leaders should expect budget decreases—and potentially large cuts in hard-hit industries—over the next year, said Sam Olyaei, a research director at
Some corporate security professionals in hospitality and retail have told Mr. Olyaei that they have been asked to reduce staff, he said.
“The uncertainty that is coming as a result of the health crisis, the economic crisis, the social crisis—it has put a lot of organizations on edge when it comes to spend,” he said.
The economic downturn will dramatically change firms’ short-term cybersecurity priorities. Businesses are likely to continue funding projects that help employees work remotely, such as virtual private networks, multifactor authentication and tools to secure connections to corporate applications, Mr. Olyaei said.
Government-ordered lockdown measures over the past few months required companies in the U.S., Europe and other countries to quickly invest in technology such as virtual private networks and cloud computing to enable many more employees to work from home.
Companies world-wide spent $31 billion on cloud computing services between January and March, up 34% compared with the same period in 2019, according to market research firm Canalys.
Economic pressure could force some businesses to end relationships with third-party suppliers of cybersecurity services, said Gartner’s Mr. Olyaei. Chief information security officers have long complained they can’t integrate tools from different firms because they are incompatible, and the coronavirus crisis may prompt them to push suppliers for help, he said.
Large projects that require a lot of coordination are likely to face delays as companies look for ways to save money, said Frank Dickson, program vice president at research firm IDC. In addition, cybersecurity leaders who might have helped manage those prepandemic plans are now busy trying to keep business operations running with a remote workforce, he said.
Companies are expected to need a year or more to catch up with the security improvements they postponed, he said.
“It’s not a 2020 conversation when we talk about the impact of Covid. It’s a 2021 and a 2022 discussion,” Mr. Dickson said.
There could be additional strain on cybersecurity spending at companies where security is part of the overall information technology budget, Mr. Olyaei said. Once the technology budget is cut, cuts to cybersecurity spending will follow, he said.
Corporate cybersecurity professionals may feel pressure to save money by using tools to automate tasks now allocated to employees, said William Dixon, the head of operations at the World Economic Forum’s Centre for Cybersecurity.
“You’ll see huge pressures on companies and organizations, so finding the additional budget for cybersecurity while people are fighting for their survival is going to be difficult,” Mr. Dixon said.
To cut costs, companies might turn away from smaller suppliers and try to leverage their existing relationships with providers that offer a suite of different services at a lower rate, said Forrester’s Mr. McKay.
“You’re going to see people have to go through all their security tools line by line and really justify why they’re there,” he said. “There are a lot of security tools in organizations that are shiny nice objects but aren’t really doing much for the business.”
Write to Catherine Stupp at Catherine.Stupp@wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8