COVID-19 Coronavirus pandemic cybersecurity

5 Reasons Why COVID-19 Budget Cuts Shouldn’t Include IT Security Spend

Leaders are moving beyond business continuity, evaluating budget cuts and tighter spending controls to help weather the COVID-19 crisis and the economy’s certain tailspin. This month PwC released a survey revealing the financial measures top business leaders in the U.S. are evaluating to minimize and manage business impact.

Unsurprisingly, more than half of PwC’s survey respondents (67%) are considering deferring or canceling planned investments. Of planned initiatives, 2% are considering cybersecurity and privacy budget cuts, while 53% are looking at reduced IT spend. Another 25% may scale back digital transformation initiatives, which is surprising given the number of businesses forced to expedite remote working connections and capabilities over the last month.

Working from home has accelerated the number of connection points in the network and the certificates and keys that ensure authentication and baseline protection. Having visibility to those connections is critical to managing them. The margin for error is slim and mismanagement can cause systems disruptions, outages and even security breaches.

Research released earlier this year revealed that leaders and IT professionals were concerned about managing risks related to digital transformation in a pre-COVID world. Just under half of survey respondents said that authenticating and controlling IoT devices was a top strategic priority for their organization’s digital security, while 60% were adding additional layers of encryption technologies to secure IoT devices.

Public Key Infrastructure (PKI) is often referred to as the backbone of security – it’s a staple in cybersecurity frameworks and systems, applications and IoT device protection considerations. For years, IT teams have self-managed their company’s PKI with basic tools like spreadsheets, but in recent years, new platforms and PKI-as-a-Service capabilities have been gaining popularity to support digital transformation. In today’s remote working world, PKI has become more important, though just 38% of businesses have the people and resources in place to manage it.

Our current state is overwhelming for everyone, but IT leaders and managers have been under incredible pressure through this crisis. If you’re championing your IT security budget, here are 5 reasons to justify spend and secure the tools you need to manage PKI security through the crisis and beyond:

1. COVID-19 is an ongoing business operations emergency

When sourcing or mapping your options, define your evaluation timeframe and why product selection is critical to maintaining operational continuity and systems uptime.This definition reinforces the reasoning and value of spend and the criticality of turnkey deployment.

2. Businesses are dealing with unforeseen and unique use cases on a mass scale

Make sure you’ve defined your specific use cases and business requirements, classifying whatscenarios look like under ‘normal’ operational circumstances and a future state. Outline what transitional requirements might look like as the business navigates operational shifts over the next 18-24 months.

3. Time is of the essence

Understanding how much your organization could invest in properly evaluating solutions was key pre COVID-19, but it’s even more important to be realistic in today’s current circumstances and long-term business continuity planning. Businesses have dusted off and implemented any continuity plans they had already mapped out. Leaders who can account for new use cases and turnkey solutions quickly will have an easier time managing the transitions still to come.

4. User groups have radically shifted with the transition to remote working

Many IT leaders have some sort of map documenting the organization’s various user groups – think PKI administrators, security analysts, network administrators and developers. Odds are this list has expanded radically over the last month, especially when it comes to endpoint users and scenarios that account for typical and atypical operations.

5. Your systems and applications have radically shifted, too

Similar to your organization’s user groups, the systems and applications that you’re using has probably expanded – as has the number of keys and digital certificates they rely on. Make sure your list documents web servers, load balancers, firewalls, devices and containers.

No one can predict exactly what our post COVID-19 world will look like, but with experts suggesting some level of distancing and control measures through 2020 it’s safe to suggest that the way we do business 24 months from now will look very different than the way it used to be done, and the way it will be done over the time in between. The PwC spend survey is reassurance for IT security champions everywhere, reinforcing that now is not the time to pump the brakes on security investments.

Scroll to Top