A slowing economy will inevitably result in some level of operational budget cuts. Because it does not result in direct revenue impact, cyber security is often the first target for companies to reduce or cut. As cyber security primarily focusses on minimising financial losses to the organisation and its clients or partners, risk prioritisation decisions must be tackled with caution since cyber breaches can impact customers and other third parties along the supply chain.
If the organisation is found to be negligent in their risk management decisions, putting profit before customer security they can be exposed to significant punitive fines and damages which are not covered by cyber insurance. Therefore prioritisation of cyber security investment is a logical step in the IT risk governance process.