By Nate Shames
Nov 17, 2017
The recent announcement by President Trump that he will appoint Jerome Powell to be the next Chairman of the Federal Reserve System has prompted a significant amount of discussion about the business cycle and its relation to the American economy. This arose, in particular, with regard to the main competitor to Powell for the position, John Taylor, a Stanford University economist known for the eponymous Taylor Rule that mandates strict, rules-based interest rate management, which, if implemented, would probably have precipitated a recession.
The main task of the Open Market Committee of the Federal Reserve System is to set the federal funds rate in order to manage the business cycle in the American economy. This topic has gained particular prominence in recent years as a result of the historic period of growth that the United States has entered. The United States has been in a consistent, stable, low inflation, low-growth environment since the financial crisis without a turn in the business cycle since the recovery began in 2011. Economists are considering the potential of a business cycle turn.
It is in this context that it is worth discussing how cyber risk relates to the broader, macroeconomic risks faced by businesses. The vast majority of businesses in the United States are exposed to risks regarding the larger economy. These macro risks range from downward turns in the business cycle to credit crunches to disruptive exogenous events. While small businesses don’t have control over these risks, they do have control over how they respond to them.
At first glance, it may make sense for small and medium sized businesses to look to reduce operational costs during a recession given the broader contraction in the economy. This is how you maintain your margins. But what is occurring in a recession is not simply contraction but an increase in fragility. The lack of demand and shrinking margins makes businesses far more fragile. If your margins have halved then it is harder to absorb the effects of errors, accidents, or disruptions. Anything that makes a business more robust serves a key function in mitigating risks produced by large macroeconomic changes.
Additionally, fraud increases during recessions as the failures of the mainstream economy lead to a growth in the illicit economy as people look to illegal activities to produce income. Simply put, desperation produces negative behaviors. This adds additional risk, particularly in the cyber space.
As a result, while businesses may want to reduce what they see as peripheral operational expenses such as data security, this is the exact wrong approach. In doing so, they will only increase their overall fragility in a heightened period of fragility. The correct response would be to double down on their security during a recession. In a normal macroeconomic environment, nearly half of businesses that experience a data breach go out of business. In a recession, a data breach would be even more catastrophic because your capacity to absorb it is significantly reduced, making data security all the more critical.