The introduction of new US tariffs has significantly rattled the US cybersecurity sector, reducing the stock market valuations of cybersecurity companies by tens of billions of dollars and sparking concerns that organizations may be forced to cut cybersecurity spending. The tariffs could also lay the groundwork for creating regionalized and weaker cybersecurity technologies globally.
President Donald Trump announced on April 2 that the US will impose new tariffs on goods from 200 countries. The complex tariff scheme is based on a formula that substantially inflates the costs of imported goods from leading US trading partners. For example, Trump’s tariffs will increase the price of imported Chinese goods by 67%, a cost rise that could prove unbearable for companies heavily dependent on Chinese imports.
Tariffs, traditionally imposed only on the importation of durable goods and not services, can adversely affect the tech sector, including cybersecurity, “even if not directly targeting the tech services sector,” Rodrigo Adão, professor at the University of Chicago Booth School of Business, tells CSO.
Recession prospects and countermeasures hammered cyber stocks
On April 3 and April 4, the first two days following Trump’s tariff announcement, publicly traded cybersecurity companies lost tens of billions of dollars in market value as their stock prices plummeted, with many experiencing double-digit percentage price drops.
Several factors contributed to a significant stock market rout affecting markets and sectors worldwide. From a macroeconomic perspective, the impact of the tariffs “depends on whether the new tariffs will have disruptive effects on inflation and activity,” Adão says, which could lead to a recession, higher interest rates, and lower demand, all factors that the market is taking into account.
For the tech sector specifically, Adão points to potential countermeasures by the European Union, such as imposing new taxes on US tech firms operating in Europe or even challenges to US tech patents. “These types of responses could harm US service exports more broadly, which currently account for about 20% of total US exports,” he says.
Customer cutbacks and increased costs are major concerns
In addition to the macroeconomic fears and worries over retaliatory measures, US cybersecurity companies are vulnerable to losing revenue under the new tariffs as customers reduce their cybersecurity budgets to cope with their own tariff-induced financial pressures.
“What’s happening is that people are looking at cybersecurity through the lens of these huge market falls,” David Brumley, CEO of ForAllSecure, tells CSO. “They’re cutting their cybersecurity staff. I was in a meeting with one of our major customers earlier this year, and they said, ‘We’re going to be asked to cut 15% of our budget if our stock falls 15%.’ And now that is happening.”
For Brumley, the tariffs deliver an ironic blow, given how loudly the Trump administration has proclaimed that Chinese cyber threat actors are in its crosshairs. “On the one hand, everyone is saying we’re going to go to war with China. I think Trump was public about that, so that was refreshing, right? On the other hand, critical companies are all going to cut their cybersecurity budgets.”
The tariffs could further erode cybersecurity budgets by increasing the prices of necessary technology equipment, such as servers and other digital hardware, that organizations purchase from outside the US.
“Tech industries, even if they are mostly services-based, interact with manufacturing in some way,” economist Alex Durante at The Tax Foundation, a nonprofit, nonpartisan tax policy institute, tells CSO. “IT infrastructure needs mainframes and servers, which require semiconductors and other electronic components that will be facing tariffs.”
Shift to regional cyber companies could lead to stagnant products
The imposition of tariffs could further cause non-US customers of US cybersecurity companies to shift their cyber spending to local or regional cybersecurity vendors, which are now suddenly lower-cost alternatives. Experts warn, however, that although these local options may be cheaper in the short term, placing too much reliance on them could erode the long-term vitality of cybersecurity products.
“The one thing I’d watch out for is that the tariffs could also create somewhat monoculture environments,” Tony Anscombe, chief security evangelist at ESET, tells CSO. “If you are in a country where you remove many products from the market because they become expensive due to tariffs, then you end up using the de facto product — the one that becomes the cheapest in that market.”
He adds, “If everybody in that country does the same thing, you end up with one product dominating the market, which is bad for cybersecurity.”
To bolster his point, Anscombe cites a 2015 study by researchers at the École Polytechnique de Montréal, Microsoft, and Carleton University, which concluded that users are more vulnerable in countries with an antivirus “monoculture,” a term typically applied in agricultural science to a single crop over a broad area for several consecutive years.
Whatever impact the tariffs may have on US cybersecurity companies, these central cyber defense organizations must nevertheless continue to work through the turmoil to protect their customers’ assets. “While the world works through this time of change, managing supply chains and related issues, adversaries look to take advantage of such moments,” a spokesperson for Palo Alto Networks tells CSO. “We are more focused than ever on helping our customers to remain secure and resilient as they navigate these changes.”
See also:
Trump fires NSA and Cybercom chief, jeopardizing cyber intel
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
Trump nominates cyber vet Sean Plankey for CISA chief amid DOGE cuts and firings
No Responses