Why a Recession Will Increase Ransomware and Cybersecurity Breaches


The pandemic showed that cybercriminals have no morals when it comes to their targets. They will use any factor to their advantage if they can. The talk of an economic downturn, or full-blown recession, will be the next crisis that attackers will look to exploit.

Cybercriminals Will Exploit Any Crisis

The criminals behind attacks on organizations are not shy about exploiting a crisis to their advantage. We saw this in the pandemic when many ransomware gangs declared they wouldn't attack health care providers. In reality, the ransomware attacks targeting the health sector increased over the pandemic. Other attack methods that tried to exploit the pandemic also went up. Google reported that it saw more than 18 million daily malware and phishing emails related to COVID-19 scams in the first week of April 2020 as the pandemic and lockdowns started to take hold.

The next crisis we expect the criminals to exploit is the looming downturn in the economy. It's time to prepare some ransomware recession readiness. The detrimental impacts of a recession on cybersecurity will come via two routes.

Impact 1 - Lower Spending on Defenses

An economic downturn is often closely followed by a reduction in spending within organizations. These reductions happen across the board, with executive teams looking to all departments to reduce spending. Cybersecurity budgets are not immune from this trend, although, given the threat landscape we all face, there is an argument that they should be. Many CISOs, CIOs, and IT leaders generally struggle to adequately articulate cybersecurity spending needs to non-technical decision-makers in their organizations. As a result, the security team and its budget get seen as a drain and ripe for savings during downturns.

One way this budget reduction pressure can manifest is via staff hiring freezes. Open positions then go unfilled, and no replacement is hired when a skilled cybersecurity staff member moves on. Fewer staff remain to protect the organization, increasing their workload. In extreme cases, the pressure this puts on the remaining staff leads to more losses from the team, in a vicious downward cycle.

Recession-strapped businesses often implement salary freezes. This can put financial pressure on existing staff and increase the insider risk that the organization faces. Insider threats occur when staff who have access to data and IT systems for their job use that access for illicit purposes, in much the same way an external attacker would, for example by exfiltrating data for sale on the dark web or providing attackers access after a bribe.

Lower spending on cybersecurity will inevitably increase the risks that attackers will breach defenses and cause significant financial and reputational damage to any successfully attacked organization.

Impact 2 - Increased Activity by Criminals

At the same time that organizations may be increasing their risk by reducing spending on defense, the cybercriminals will be looking to increase their activity to take advantage. There is some evidence that the number of cyberattacks increased during the last major recession that started in 2008, although the evidence cited all seems to originate from a single report that doesn't make a convincing case. In any event, the 2022 cyber threat landscape bears no resemblance to that of 2008. We know from the pandemic that the criminal gangs at work now have no qualms about using events to their advantage.

As the recession bites and people become more concerned about their financial futures, we can expect a significant increase in the number of finance-related phishing emails. These will contain enticements about financial planning and other money-related stories in an attempt to trick people into clicking links or visiting websites that deploy ransomware or other malware.

Other attack vectors used by cybercriminals will look to exploit any vulnerabilities exposed due to understaffed and overworked cybersecurity defense or IT teams. There will be an increase in scanning and probing activity against organizations. This will come from existing cybercriminal gangs and possibly some current cybersecurity staff laid off from their jobs who decide to go to the dark side rather than get a new position in another business.

We've already touched on the increased risk from insider threats in the preceding section and the risk of bribes being used to give cyber attackers access to systems. These are not theoretical risks. Documented cases of staff getting paid to introduce ransomware or other malware into their employer's systems, either by clicking a link from their work PC or by plugging in a USB drive supplied to them by the criminals, are relatively common. We can expect attackers to ramp up this activity as people's financial circumstances worsen. The attackers will target individuals in organizations after profiling them from social media posts and other public information.


The looming downturn will cause an upturn in cybercrime. We'll only know how much and what impact it'll have after the event. We know that cyberattacks are still increasing yearly and that cybercriminal activity gets driven by factors such as opportunity, motivation, and rationalization by those involved. Financial stress will enhance all three factors for both external and internal threat actors.

Frequently updated staff awareness training, covering how to spot phishing emails and other attack vectors when using IT systems, will be crucial. Getting the message across that cybersecurity is everyone's responsibility is vital.

A robust and well-funded cybersecurity program can guard against malicious external actors and insider threats. For many organizations, working with external cybersecurity managed detection and response providers will be a way to control costs during any economic downturn. Critical Insight has the staff and the expertise to help defend organizations of all sizes. Contact us today to discuss your needs.