With the pace of economic growth slowing and inflation at a multi-decade high, that’s led many people living in the U.S. to start entertaining the “R” word: recession. In 2022 we’ve experienced what’s being coined a “technical recession,” or two consecutive quarters of negative growth in GDP (gross domestic product). President Joe Biden, however, has—so far—had a more optimistic outlook, saying the U.S. isn’t yet in a recession.
Whenever we do inevitably enter another recession, certain industries and types of businesses typically still grow, including health care, food, and transportation. Recession-proof businesses or industries are those that are more resistant to the economic effects of a downturn than others. And one industry that the average consumer may not think of as thriving during a recession is cybersecurity.
“I believe cybersecurity is practically a recession-proof industry,” Cybersecurity Ventures Founder Steve Morgan tells Fortune. “For organizations of any type or size globally, cybersecurity is mandatory. Without digital protection, a business will go out of business. Given the market demand, for anyone with cybersecurity experience, they are assured of good employment.”
Between 2013 and 2021, the number of open cybersecurity jobs worldwide grew 350% from 1 million to 3.5 million, according to Cybersecurity Ventures’ Boardroom Cybersecurity 2022 Report. In the U.S. alone, there were around 715,000 jobs yet to be filled as of November 2021, according to a report by Emsi Burning Glass (now Lightcast), a market research company. Additionally, Cybersecurity Ventures predicts that global spending on cybersecurity products and services between 2021 and 2025 will accumulate to $1.75 trillion.
“I don’t believe there’s any industry which is recession-proof, but I think that if there’s one industry which might be recession-proof it’s probably cybersecurity,” Adi Dar, CEO and founder of cybersecurity firm Cyberbit, tells Fortune. “Everyone is trying to recruit. Everyone is trying to hire. I think that it’s going to take years and years until maybe part of the gap is closed. I’m not sure it’s ever going to be completely closed.”
Cyber attacks are becoming more prevalent. The average number of attempted cyber attacks per company rose 31% between 2020 and 2021, to 270 attacks, according to Accenture’s State of Cybersecurity Report 2021. The average number of successful attacks per company was 29 in 2021, up from 22 the prior year.
Because data and digital services are critical to business operations, it’s “imperative” to protect company assets, says Danny Allan, chief technology officer of data protection firm Veeam.
“I believe that the cybersecurity industry is largely insulated from market downturns,” he tells Fortune. “Additionally, we are seeing increased focus on compliance and regulatory oversight from the public and the board during times of economic challenges.”
In fact, Cybersecurity Ventures’ Boardroom Security report also shows a growing need to focus on cybersecurity in the board of directors. By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, and by 2031 that will climb to more than 50%, according to the report. In 2021, just 17% of these companies had board members with cyber experience.
“Cybersecurity is the only line item that theoretically has no spending limit,” Morgan explains. “There is a budget before a company suffers a cyberattack or a series of them, and then there’s the actual spend that takes place afterwards. What business isn’t going to do and spend whatever it takes to recover from being hacked?”
While we’ve seen vast growth in the cybersecurity industry that has seemingly no slowdown in sight, it’s still an industry that’s in its “infancy,” explains Mark Sasson, managing partner of Pinpoint Search Group, a cybersecurity recruitment firm.
“If we’re defining recession-proof as ‘no impact to the industry,’ I would say no, cybersecurity is not recession-proof,” he tells Fortune. “While the industry will surely continue to grow over time, the massive growth we’ve seen in the past couple of years is a symptom of an industry in its infancy needing to catch up to motivated threat actors.”
The huge cybersecurity talent gap worldwide is more a consequence of not having enough people with the skills necessary to fill these jobs as opposed to the result of a thriving industry, Sasson says.