
Tariffs! The word has become more commonplace in 2025 than Gangnam Style was in 2012. In a world of misinformation, it’s hard to decipher the true meaning of tariff imposition and the potential downstream effects it might have on our economy, home lives, and professional dealings. While the impact of the imposed tariffs and their reciprocals has already been felt with downturns in the stock market and barren shipping ports, the question we cybersecurity professionals are asking is: how will the tariffs impact our field?
Budget
Depending on a company’s resources, scrounging up budget for a security program is one of the most tedious aspects of a Chief Information Security Officer’s (CISO) job. The feat requires a combination of education, justification, and, of course, excess funds. Expectations for security spending are typically set at the onset of the fiscal year, so the imposition of these tariffs and the importer’s burden in their wake is forcing security leaders to re-adjust forecasts to accommodate rising prices.
“A 145% surcharge on goods from China will further stress IT budgets…Everything from a simple home WiFi router to enterprise firewalls, network equipment, and even cloud services will be affected” (CyberNews). In addition to inflating prices of physical products, cloud services face potential challenges related to price and availability as the cost of data center component maintenance begins to rise. While the geopolitical climate is ever-changing, CISOs and other security executives should adjust expectations around budgeting to bake in considerations for physical component shortages and increased service costs.
Cyber Attacks
Considering the potential impacts to spending, it is not illogical to assume that this could mean a decrease in cybersecurity defenses. With mounting costs driving security spending down, companies may not continue or vie for the proper tooling or support to adequately protect themselves from cyber threats. The instability of the economy, coupled with increasing organizational vulnerability, may serve as a driver for bad actors to increase their levels of activity.
“In the past, some countries have resorted to economic espionage to seek edge in political or business negotiations…In addition, individuals and groups struggling because of economic hardship may turn to illicit methods of generating revenue” (DarkReading). Desperate times call for desperate measures, so as the pressures of an erratic economy begin to set in, Mr. Robot pulls his hood up. Security leaders should enable defenses wherever monetarily feasible, ensuring necessary security protections and restrictions are maintained. Emphasis should be placed on monitoring and response activities to identify questionable or unauthorized behaviors and mitigate threats before they are actualized.
Cyber Supply Chain Risk Management
The world sits in wait as the fallout from these economic policies continues to unfold and surprise daily. Companies are struggling to determine whether to accept higher prices due to trade-linked shortages or alter operations entirely. Per JP Morgan, “A collapse of this magnitude would not only sharply boost prices but also significantly disrupt supply chains” (CNN). The sentiment draws familiar shivers from the empty shelves of COVID’s heyday. Cyber Supply Chain Risk Management (C-SCRM), often a subset of Third-Party Risk Management (TPRM), has become an increasingly important facet of the security world over the last several years, as evidenced by updates to regulatory and industry-accepted frameworks. For example, version 2.0 of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) was released in 2024 with an enhanced Cybersecurity Supply Chain Risk Management (GV.SC) category comprised of ten (10) sub-categories, tying the category for the framework’s largest alongside Risk Assessment (ID.RA).
C-SCRM is defined as “the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information, communications, and operational technology (ICT/OT) product and service supply chains” (Secureframe). Security organizations should take notice of their most critical software and hardware providers and begin understanding and mapping out plans to combat the potential downstream effects that delays in delivery may pose. This exercise should include considerations for vendor compromise and the readiness of incident response protocols.
How K logix Can Help
At K logix, we ensure our offerings remain up-to-date with the latest trends and threats that may be facing our customers. Our team is equipped with experts in the TPRM space who work with your stakeholders to understand current practices and offer tailored solutions, including governance documentation (i.e., policies, procedures), for maturation to build a roadmap toward your ideal state. Supply Chain and Incident Response-focused workshops are held to enable development of playbooks to ensure preparedness in the face of a supply chain compromise or disruption.
Not sure where to start? Ask about our complementary services to help you identify your organization’s needs. Contact info@klogixsecurity.com for further information.