US cybersecurity could suffer from budget cuts: Fitch

US corporate and infrastructure cybersecurity could suffer from budget cuts, Fitch Ratings has warned.

Rapid interest rate hikes to combat sustained high inflation, and the negative effects of a strong US dollar on large multinational companies, could hit US corporates and pressure them to reduce their spending on cybersecurity, the rating agency said.

Large companies, critical infrastructure and regulated industries should fare better than small-to-medium companies in unregulated industries and lower margin sectors.

“Cybersecurity spending is often viewed as an added cost rather than an essential business expense, with return on investment metrics difficult to quantify, unlike other types of spending and investment,” Fitch said.

The rating agency also said that a large cyber budget does not necessarily translate to better cybersecurity. For example, big budgets can be indicative of a larger attack surface, an inefficient use of resources or higher reliance on legacy technology. 

A better measure of cyber security health, Fitch said, is a qualitative assessment of a cybersecurity program. 

In 2022, some 60% of employers categorized their cyber budgets as significantly or somewhat underfunded, up from 58% in 2021, according to an ISACA audit (see image, below)

Corporates that maintain underfunded cyber budgets could be punished. Cyber insurer Coalition has predicted the market will see an “uptick” in cyber attacks when the Russia-Ukraine war ends. 

As many as 74% of ransomware payments last year were to groups believed to be affiliated with Russia, according to data from Chainalysis, a company that provides data and services related to cryptocurrencies.

But some experts believe that, even if the war drags on, other cyber criminals will step in and fill the vacuum, driving up claims even before the war’s end.