Supplementing staff by hiring hackers to seek holes in a company's defense makes economic sense in a downturn. Could they be cybersecurity's unlikely heroes in a recession?

Marten Mickos, CEO, HackerOne

May 11, 2023


For 30 years, Silicon Valley Bank (SVB) helped technology clients transform the region, and the world, growing to hold more than $200 billion in total assets and $175 billion in deposits. And then — spectacularly, and seemingly overnight — collapsing. While the Federal Reserve's bailout might have helped to staunch the bleeding for now, those who witnessed the events of early March firsthand will not forget what those first few frantic, uncertain days were like. The psyches of the investor class and tech sector may not recover for some time to come.

This could manifest as skittishness among the investor class, impacting tech of all focuses, but I'm particularly concerned about cybersecurity startups. A downturn in cybersecurity funding threatens not just the sector itself, but all who rely on cybersecurity innovation to keep threat actors at bay.

A recent article makes interrelated points to this effect. One: SVB has long been central to the banking needs of the cybersecurity community in the US and abroad, with public reports that roughly 500 cybersecurity vendors banked with them. Two: investors spooked by the collapse of SVB will likely be "re-evaluating practices" in the short term. Already, cybersecurity funding in 2023 had dipped to 2020 numbers. The collapse of SVB serves to intensify that trend.

One approach that has helped organizations shore up their defenses and continue innovating since the heyday of investment will be critical in this tumultuous time. Ethical hackers have always been one of the best solutions to rising rates of cybercrime. These hackers replicate the strategies of bad actors to penetrate systems and inform organizations about vulnerabilities. At this precarious economic moment, with funding collapsing and companies slashing security budgets, they're an especially viable alternative.

A downturn in funding for innovative solutions such as hackers, set against a perpetually intensifying cyberthreat landscape, could be disastrous for both private and federal security needs. But, before explaining exactly why hackers are so important, it's worth sketching out our current threat and economic landscape in greater detail.

Cybercrime and the Economy

There's no shortage of statistics illustrating the challenging state of our current cybersecurity landscape. One report says cyberattacks on industrial firms increased by 87% in 2022. Meanwhile, another report shows cyberattacks against governments jumped by 95% in the second half of 2022. According to another study, the global cyberattack volume surged by 38% last year. The financial impact is significant; according to IBM, the average total cost of a data breach has risen to $4.35 million.

For many IT departments, keeping on top of the attack surface is an ongoing, hour-to-hour struggle.

The looming economic downturn will make these problems worse. Economic turbulence and spikes in cybercrime go hand in hand. In the aftermath of the 2009 recession, cybercrime rose an average of 40% over the following two years. The pattern was clear again when Interpol and others noted a surge in cybercrime during the COVID-19 pandemic.

In other words: Economic turbulence means less investment in cybersecurity and a surge in cybercrime. Put simply, it's a recipe for disaster.

Why Hackers Are the Answer

You can see why reduced funding for cybersecurity startups is a major problem. Any reduction in funding will be compounded by yet another problem: individual companies cutting back on cybersecurity spending.

I believe that hackers represent the most viable solution to mounting budget concerns. It's not just that hackers are as inventive as the criminals they're trying to combat — prone to exactly the kind of left-of-field, unconventional thinking that routinely allows criminals to infiltrate well-fortified organizations. It's that — in a word — they're affordable. And what could matter more in times of economic stress?

Companies can access a diverse range of expertise and knowledge by using hackers, who bring a different mindset to your system's defenses and let you know quickly where your vulnerabilities are and how you might remediate them. Many organizations now routinely incentivize hackers to bring vulnerabilities to their attention through vulnerability reward programs such as bug bounty. That being said, such programs aren't meant to replace your very important cybersecurity teams. They're meant to supplement them, reduce internal burnout, and overall make your organization more successful.

Hackers have been largely mainstreamed by now, but a not-insignificant number of organizations remain resistant to the concept, on the logic that inviting hackers of any kind or motivation into one's internal systems may prove risky. But this is an outdated way of thinking. For proof, look no further than the US government, which is not usually known to take radical risks in the cybersecurity department. And yet: in 2017, the Department of Defense (DoD) launched Hack the Pentagon, and since then, hackers have alerted the DoD to more than 45,000 vulnerabilities. The US isn't alone in this: Insights generated by hackers are now a routine part of government security in countries all over the world, including Singapore and the UK.

A few years from now, we'll have a clearer picture of how precisely the collapse of SVB impacted the tech sector and the larger economy. In the here and now, though, all organizations need to stay on high alert. It would be a shame to weather an economic downturn just to lose it all from a major breach. The latter scenario, at least, is preventable — and hackers can help.

About the Author(s)

Marten Mickos

CEO, HackerOne

Marten Mickos has been CEO of HackerOne since 2015. He is a technology industry veteran who is passionate about security and innovation. Previously, Marten served as CEO at Eucalyptus, a cloud software company acquired by Hewlett-Packard, where he then served as the SVP of its cloud division. Before that, he was CEO of MySQL, the open source database company. Marten has served on the board of Nokia and other technology companies. He holds an M.Sc. degree in engineering from Helsinki University of Technology and an honorary doctorate from Aalto University.
