Cybersecurity is a ‘resilient industry’ in spite of recession fears: CrowdStrike CEO

Daniel Howley

Fears of an economic downturn or possible recession, not to mention higher interest rates, might have some businesses cutting spending on things like cloud computing, but CrowdStrike (CRWD) CEO George Kurtz says the same can’t be said of cybersecurity spending.

“Cybersecurity is something you might be able to pause, but you can’t put off indefinitely,” Kurtz told Yahoo Finance Live. “That’s absolutely what we’ve been seeing.”

According to a survey of 1,000 business executives conducted by the International Information System Security Certification Consortium (ISC)2, a nonprofit that provides training certifications for cybersecurity workers, cybersecurity employees are the least likely to face layoffs in a recession.

The reason? The risk of cybercrime tends to increase during recessions and economic downturns, as criminals look for new ways to earn cash. What’s more, the cybersecurity industry is already facing a major worker shortage, with (ISC)2 saying the global cybersecurity workforce has to grow by 3.4 million workers to address the world’s security needs.

And according to Kurtz, that threat coupled with an ever-evolving cybersecurity environment means that companies simply aren’t willing to cut their cybersecurity budgets at this point.

“Organizations are looking to protect themselves. There are mandates from the board, there are compliance mandates, and it certainly is a resilient industry,” he said. “What we’ve seen is that budgets are modestly up in some cases, others flat. But we haven’t really seen them go down.”

Sign up for Yahoo Finance's tech newsletter.
Sign up for Yahoo Finance's tech newsletter. (Yahoo Finance)

The Biden administration, meanwhile, is attempting to realign discussions around cybersecurity to put more emphasis on corporate responsibility for protecting important data.

According to the administration’s strategy, individuals, small businesses, and local municipalities shouldn’t bear the burden of dealing with advanced cyberthreats. Instead organizations that can better insulate those groups from criminals should.

That’s exactly what Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency told Yahoo Finance at CES 2023 in January. Easterly says she believes companies like Microsoft, Amazon, and others need to improve their security posture to prevent downstream security lapses from becoming major intrusions for smaller organizations that don’t have the resources to respond to such threats.

Photo by: STRF/STAR MAX/IPx 2020 12/24/20 Suspected Russian hackers made failed attempt to breach CrowdStrike. STAR MAX File Photo: 12/3/20 A CROWDSTRIKE logo shot off an iphone SE 2020.
Photo by: STRF/STAR MAX/IPx 2020 12/24/20 Suspected Russian hackers made failed attempt to breach CrowdStrike. STAR MAX File Photo: 12/3/20 A CROWDSTRIKE logo shot off an iphone SE 2020. (STRF/STAR MAX/IPx)

“We've essentially accepted as normal that technology is released to market with dozens or hundreds or thousands of vulnerabilities and defects and flaws,” Easterly said during a discussion at the trade show.

“We've accepted the fact that cyber safety is my job and your job and the job of my mom and my kid, but we've put the burden on consumers, not on the companies who are best equipped to be able to do something about it.”

For his part, Kurtz says cybersecurity is a shared responsibility.

“When we think about software in general. When you look at Microsoft, there were 30 zero-day vulnerabilities [exploitable flaws with no fix yet],” he said. “So there’s a shared responsibility in making sure that software, like Windows, is actually safe.”

Got a tip? Email Daniel Howley at dhowley@yahoofinance.com. Follow him on Twitter at @DanielHowley.

Click here for the latest stock market news and in-depth analysis, including events that move stocks

Read the latest financial and business news from Yahoo Finance

Advertisement