The cost-of-living crisis continues to beset consumers and businesses alike. In the UK, consumer prices rose 10.1% in March from a year prior, according to the Office for National Statistics. That’s a slight decrease from the 10.4% in February. According to cybersecurity firm Bridewell’s “Cyber Security in Critical National Infrastructure Organizations 2023 Research Report,” the current economic crisis is also poised to impact cybersecurity, with 34% of organizations within the UK’s critical national infrastructure (CNI) foreseeing a surge in cybercrime.
The Pressures of Inflation
Inflation pressures are the foundation of all the negative impacts to come. As Scott Nicholson, co-CEO of Bridewell pointed out in the report, these economic pressures lead to food and energy price hikes, elevating the risk for “insider cyber threats.” Whether it’s malicious intent or ignorance, employees can pose a tremendous threat to the systems that keep the UK’s critical systems running. In fact, 67% of respondents reported seeing an increase in cybersecurity risk from insiders, over the last three years.
Work theft—including swiping office supplies, stealing data, and embezzling company funds—has increased by one-fifth in both Wales and England.
Inflation has also forced many organizations to re-evaluate their budgets, resulting in significant cuts to Critical National Infrastructure (CNI) cyber budgets, and leaving organizations even more vulnerable to cyber attacks.
Consequently, 35% of CNI decision-makers have reported that the economic downturn is provoking an increasing number of internal employees to turn to cybercrime.
What Can Be Done?
According to Bridewell’s report, there’s plenty that an organization can do to mitigate internal security risk stemming from employees—and it begins with building a robust cyber defense from within the organization. Vulnerability assessments should also take place on a continual basis to uncover any attack surfaces.
The hiring stage is another opportunity when organizations should perform thorough financial checks. Once hired, employees should only have access to information that is necessary. Monitoring confidential systems, as well as training employees to spot when an insider threat is taking place is also critical.