Features 13.06.2025

Beware the Tariff Man: How a US Trade War Could Impact Cybersecurity

How will the cybersecurity industry be affected by the volatile US tariff situation?

How will the cybersecurity industry fare amid a US trade war? Phil Muncaster dares to consider the worst-case scenario

Donald Trump’s second term in office is proving more chaotic and disruptive than even his biggest detractors feared. Front and centre of his audacious attempts to dominate geopolitical allies and foes alike are tariffs: import taxes on goods from other countries. While the claim that they protect American jobs has been largely disproven, the financial burden they place on many businesses could have a destabilising effect which filters down to CISOs.

Industry experts warn that the worst-case scenario, a global recession, could hand new opportunities to threat actors, while tying the hands of corporate security bosses. It’s time to prepare for the worst.

What’s going on in Trumpland?

The 47th President’s plans to ‘tax’ foreign imports aren’t the only ones to impact CISOs. Cuts to funding for the Cybersecurity and Infrastructure Security Agency (CISA) have already shaken confidence in the critical Common Vulnerabilities and Exposures (CVE) system, after a last-minute funding deal was reached with the scheme’s operator MITRE. More still could wipe almost half a billion dollars from CISA’s budget and lead to a cull of 1,000 employees. But the threat from tariffs is arguably more dangerous, in that the knock-on effects for cybersecurity aren’t immediately obvious.

They’re also possibly less well understood simply because of the chaotic nature in which tariff threats have been wielded by the White House as a protectionist and geopolitical cudgel. First came 10% starting tariffs on all imports into the US, announced on April 9. Then the additional “reciprocal tariffs” covering over 60 countries, which have been temporarily paused. Then came a trade agreement with the UK to reduce tariffs on some goods. Then another curveball from Trump: a decision to double steel import taxes, despite them being exempted under the UK agreement. And all of this comes as US judges add further uncertainty as to whether the President’s tariff policy is even legal.

Even if import taxes are ruled to be a matter for Congress and not the executive branch, more pain could be in store for the global economy if a new bill making its way through the legislature becomes law. It would effectively impose reciprocal charges on individuals, investors and companies from countries with taxes the US dislikes.

Why this matters to cyber

The bottom line is that, if British companies are made to suffer economically through these edicts, then the financial strain it places on the bottom line could filter through to cybersecurity budgets.

“Exporting gets more expensive, and profit margins narrow. Firms may tighten their budgets across the board, and if seen as a cost centre instead of a critical business function, cybersecurity budgets can suffer,” Netcraft CEO, Ryan Woodley, tells Assured Intelligence. “Although many leaders recognise the important role security plays in business continuity, tighter finances could delay tech upgrades, security team growth, or additional security investments.”

UK government security advisor and Avella partner, Tom Pepper, tells Assured Intelligence that tariffs may also “trigger a rethink of supply chains, vendor partnerships and data flows” – which could have implications for CISOs.

“Long-term investments, such as cloud security transformation or third-party risk management, are particularly vulnerable, while incident response and compliance-driven controls tend to be preserved,” he adds. “That creates an imbalance, increasing operational risk and leaving firms exposed to attack.”

The spectre of global recession

However, if an all-out trade war tipped the world into a global recession, which 60% of top economists think has a “high” or “very high” chance of happening this year, the financial pain would be felt by all companies – not just those exporting to the US.

“The impact is compounded by the growing sophistication and volume of cyber threats. Cyber criminals know that recession-hit businesses may reduce controls, postpone updates, or struggle to monitor alerts effectively. That creates opportunity, particularly for ransomware operators and financially motivated actors,” Pepper argues.

“At the same time, recession-driven digital transformation for efficiency or automation may accelerate, but without the corresponding uplift in security investment. This can result in security being added too late, exposing legacy systems and newly adopted technologies alike.”

The political fallout of such chaos could also harm efforts to bring cybercriminals to justice, says Commvault associate general counsel EMEA, Jakub Lewandowski.

“When geopolitical tensions are high and local authorities are less open to cooperation, another opportunity is provided to bad actors, who are less likely to be caught for the damage that their crimes cause in a different country or region,” he tells Assured Intelligence.

CISOs may find themselves becoming collateral damage if countries decide to institute counter tariffs, quotas, and tighter regulatory standards. “Several nations are already considering stronger local regulatory frameworks and further expansion of tech sovereignty regulations,” argues Lewandowski. “For CISOs, this means higher compliance burdens, increased operational complexity, and elevated costs.”

Security leaders should already be on the alert for threats exploiting geopolitical uncertainty, adds Netcraft’s Woodley.

“You’ll often see a rise in phishing emails that look like official government updates, financial alerts, or urgent messages from partners,” he says. “These scams play on fear, confusion, and the constant stream of headlines. In the middle of all that noise, attackers find it easier to slip through the cracks.”

How CISOs can respond

For Commvault’s Lewandowski, compliance with regulatory frameworks can be an effective bulwark against the potential erosion of cybersecurity budgets.

“Preparation for cyber attacks takes on new importance in times of economic chaos. If organisations have a tried-and-tested recovery plan for the event of a cyber attack, they can afford to turn their focus to more pressing matters, with the confidence that their team is equipped and knows what to do should they be hit,” he explains.

“Part of this preparation should be identifying your organisation’s ‘minimum viable company’ – the essential systems needed to maintain operations. With a plan in place to recover essential systems to a clean environment, organisations can continue business and keep downtime to a minimum, even in the worst-case scenario.”

Exabeam CISO, Kevin Kirkwood, advises his UK peers to consider cost-cutting measures alongside closer board engagement, if Trump’s trade policy starts to bite.

“Some people think that cybersecurity is a recession-proof item in most businesses’ budgets. This is truly not the case,” he tells Assured Intelligence.

“If the CISO has used both a defense in breadth as well as defense in depth approach to securing their business, then they can use that additional balance from the defense in breadth to shrink their security posture without creating gaps in their defenses. They can also look at typical security spend for changes that they can make by shifting to more economical solutions.”

Any CISOs with connection to the executive leadership team or CEO must make their voice heard, Kirkwood continues.

“The return on investment (ROI) becomes important, but the loss to the business, should the depleted security posture enable a successful attack, becomes a broader question that the leadership of the business must be ready to accept.”

Heather Wesley Engel is a former US government cybersecurity contractor, and now managing partner at Strategic Cyber Partners. She warns of the impact of economic turmoil on supply chain risk management.

“CISOs should look to diversify suppliers. Seek out a diversified supply base, including domestic options wherever possible, to reduce dependency and enhance resilience. And leverage cloud solutions: tariffs typically apply to physical goods, so migrating to cloud-based security solutions can help mitigate hardware-related cost increases and offers greater flexibility and scalability,” she tells Assured Intelligence.

“Another thing that is important is to review contractual clauses to account for tariff-related cost increases or supply disruptions. Finally, optimise existing resources. So many organisations have a suite of tools for cybersecurity and they aren’t fully taking advantage of all the features. Use what you have already to maximise the value from current cybersecurity tools and infrastructure.”

Ultimately, organisations and security leaders capable of adapting successfully to this new landscape will be well placed to thrive if, and hopefully when, rational trade policy returns to Washington. But whatever happens, it’s set to be a long and bumpy ride.

How CISOs can adapt to financial hardship

“CISOs cannot control geopolitics or macroeconomics, but we can control how the organisation responds to uncertainty,” says Tom Pepper, partner at Avella. Here are his top four tips:

  • In boardroom conversations, position cybersecurity as a core enabler of business resilience, connecting cyber risks with business outcomes like legal exposure, customer trust and operational downtime.
  • Focus on risk-based prioritisation of initiatives to optimise RoI. High-impact areas could include identity and access management, patching critical assets, securing remote access, and protecting data.
  • Consider strategic partnerships with third parties to deliver scale and expertise without increasing headcount. Automation and orchestration can also take the pressure off stretched teams.
  • Ensure clear, consistent communication across IT, risk, legal, and procurement functions to ensure security is embedded into decision making.
