Cybersecurity is an industry that the average consumer may not think of as thriving during a recession. Whenever we inevitably do enter another recession, certain industries and types of businesses typically still grow, including health care, food, and transportation. Recession-proof companies or industries are those that are more resistant to the economic effects of a downturn than others.
In 2022, we’ve experienced what’s being coined a “technical recession,” or two consecutive quarters of negative GDP growth (gross domestic product). With the pace of economic growth slowing and inflation at a multi-decade high, many people living in the U.S. have started entertaining the “R” word: recession. President Joe Biden, however, has—so far—had a more optimistic outlook, saying the U.S. isn’t yet in a recession.
The UC Berkeley School of Information’s online Master of Information and Cybersecurity prepares students to become leaders in cybersecurity. No GRE/GMAT required.
- GRE RequiredNo
- Part TimeYes
“I believe cybersecurity is practically a recession-proof industry,” Cybersecurity Ventures founder Steve Morgan tells Fortune. “For organizations of any type or size globally, cybersecurity is mandatory. Without digital protection, a business will go out of business. Given the market demand, anyone with cybersecurity experience they are assured of good employment.”
Between 2013 and 2021, the number of open cybersecurity jobs worldwide grew 350% from 1 million to 3.5 million, according to Cybersecurity Ventures’ Boardroom Cybersecurity 2022 Report.
According to a report by Lightcast, a market research company, as of November 2021, around 715,000 jobs had yet to be filled in the U.S. alone. Additionally, Cybersecurity Ventures predicts that global spending on cybersecurity products and services between 2021 and 2025 will accumulate to $1.75 trillion.
“I don’t believe there’s any industry which is recession-proof, but I think that if there’s one industry which might be recession-proof, it’s probably cybersecurity,” Adi Dar, CEO and founder of cybersecurity firm Cyberbit, tells Fortune. “Everyone is trying to recruit. Everyone is trying to hire. I think that it’s going to take years and years until maybe part of the gap is closed. I’m not sure it’s ever going to be completely closed.”
Learn more: 4 tips on landing your first job in cybersecurity.
Companies need cyber protection
Cyberattacks are becoming more prevalent. The average number of attempted cyberattacks per company rose 31% between 2020 and 2021, to 270 attacks, according to Accenture’s State of Cybersecurity Report 2021. The average number of successful attacks per company was 29 in 2021, up from 22 the prior year.
Danny Allan, chief technology officer of data protection firm Veeam, says that because data and digital services are critical to business operations, it’s “imperative” to protect company assets.
“I believe that the cybersecurity industry is largely insulated from market downturns,” he tells Fortune. “Additionally, we are seeing increased focus on compliance and regulatory oversight from the public and the board during times of economic challenges.”
In fact, Cybersecurity Ventures’ Boardroom Security report also shows a growing need to focus on cybersecurity in the board of directors. By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, and by 2031 that will climb to more than 50%, according to the report. In 2021, just 17% of these companies had board members with cyber experience.
“Cybersecurity is the only line item that theoretically has no spending limit,” Morgan explains. “There is a budget before a company suffers a cyberattack or a series of them, and then there’s the actual spend that takes place afterward. What business isn’t going to do and spend whatever it takes to recover from being hacked?”
The cybersecurity industry needs to “catch up”
While we’ve seen vast growth in the cybersecurity industry that has seemingly no slowdown in sight, it’s still an industry that’s in its “infancy,” explains Mark Sasson, managing partner of Pinpoint Search Group, a cybersecurity recruitment firm.
“If we’re defining recession-proof as ‘no impact to the industry,’ I would say no, cybersecurity is not recession-proof,” he tells Fortune. “While the industry will surely continue to grow over time, the massive growth we’ve seen in the past couple of years is a symptom of an industry in its infancy needing to catch up to motivated threat actors.”
The huge cybersecurity talent gap worldwide is more a consequence of not having enough people with the skills necessary to fill these jobs as opposed to the result of a thriving industry, Sasson says.
“This catch-up game will likely last in perpetuity as threats will continue to evolve based on technological advancement,” he adds. “What this translates to is the need for constant innovation—and constant innovation requires investment.”
The online MS in Cybersecurity program from Hawai‘i Pacific University prepares students to defend their organization from data breaches, strengthen their résumé by taking key certification exams, and advance their career as responsible leaders in cybersecurity.
