September 29, 2008
Security, Economy, and Les Mis
So interestingly, we've been reading some articles over the past few days that are speculating heavily about what the current economic meltdown will mean to us guys over here in IT security and risk. The net consensus appears to be - with budgets shrinking and credit freezing up, spending on IT risk is going to be hard hit.
Really? We're not so sure about that. Historically, security spending goes up when perceived risk goes up. Look at DHS in the post 9/11 era. Or your own house after a break-in. Or your company's spending after a worm took down the mail server.
Also - what about the way spending soared after key regulations and bills were passed? While it might have been hard to sell the CEO on file/disk encryption before SB1386, et al came into effect, it became a "get it done" spend for many afterward. Couldn't get the budget for wireless intrusion detection or application scanning before PCI? After high-profile breaches like TJX, Forever21, and Hannaford, executives freed funds and started demanding why purchases weren't being completed and implemented fast enough. And the big Daddy of 'em all - SOX. Implemented to, ostensibly, prevent another Enron, but in reality a huge spend in IT governance, risk, and audit.
So, sure, we agree that budgets are going to shrink overall. And that many companies will not withstand the credit freeze and financial turmoil. But for those who do - we suspect there's going to be increased oversight (The Financial Stability Oversight Board and congressional oversight panel in the current "bailout" for example) and that's going to translate into IT security and risk spending. Not because it's right necessarily, but because it's going to be mandated by overseers, auditors, and examiners. We're in for a bumpy night.
Now this is a bit more speculative, but we could even see a direct increase in overall electronic fraud and crime given the new economic outlook. Studies show that straggling economic conditions tie directly to increased crime rates - lower wages, worse economy, more crime. So, even assuming those folks who foresee less spending are right, it could lead to higher spending once the initial hit is over. It's like the dude from Les Mis - he was a decent guy, but needed to steal bread to feed his family. And some percentage of that crime will be electronic crime - meaning more need for risk, risk managers, and infosec.
Audit's going up, perceived need will go up, and fraud is likely to go up. Sounds to us like business could actually boom in these conditions.
Posted by Ed at September 29, 2008 10:10 AM | TrackBack