As the global economy reacts to recently announced tariffs, the ripple effects are extending far beyond traditional trade dynamics. For business leaders, CISOs, and risk managers, the implications are reshaping the way we think about third-party risk and cybersecurity.
Macroeconomic policies like tariffs can introduce vulnerabilities in the digital infrastructure of organizations, a reality to which leaders must respond. Below are major cyber risk impacts resulting from tariff disruption and how your company can strategically address them.
1. Nation-State Cyber Retaliation
Economic pressure and geopolitical tension are likely to escalate nation-state activity in cyberspace. Historical patterns suggest increased critical infrastructure attacks from adversarial actors in response to tariffs.
What this means for your organization: Organizations need updated threat models that account for sophisticated threat actors, especially those targeting critical sectors like finance, defense, technology, and other critical supply chain industries.
2. Supply Chain Disruption Exposes New Cyber Vulnerabilities
Tariff-affected regions – like China, a major player in semiconductors and mineral production – are foundational to global IT infrastructure. As companies seek out alternative suppliers, several trends are emerging:
- Shortcuts in third-party due diligence, as companies may bypass certain security due diligence when looking for new vendors.
- A rise in counterfeit components, due to a rush to reduce costs related to affected hardware.
- Extended lifespans for outdated security infrastructure, leaving legacy systems and potential vulnerabilities in place.
What this means for your organization: With these newly imposed tariffs, many organizations will aim to reshore their workstreams to the U.S. from overseas. Every vendor transition or hardware delay introduces new opportunities for threat actors. Integrating rigorous third-party risk management into your organization is not only a best practice but a business necessity.
3. Climbing Cloud and Cybersecurity Costs
The global nature of cybersecurity tooling and public cloud infrastructure means tariff-induced costs don’t stop at the border. As U.S.-based companies seek domestic infrastructure and software alternatives, they may soon encounter higher subscription prices for cybersecurity tools and cloud services, potentially pushing some toward cheaper (and potentially less secure) alternatives. Due to the limited availability of critical hardware materials, hardware-based security tools may become less accessible.
Consequently, vendors might shift toward software-based solutions, which may not adequately align with the unique risk appetite of every organization.
What this means for your organization: The true cost of cybersecurity is measured in resilience, readiness, and risk exposure. Cutting corners in the short term could open the door to costly breaches down the road.
4. Risk of Isolated Threat Intelligence
Tariffs and economic tensions can erode international trust, which has become a foundational element in effective cyber threat intelligence. We anticipate:
- Decreased cross-border collaboration, reducing the sharing of large-scale threat intelligence.
- Lack of consistency across national security standards, opening new attack surfaces as one-size-fits-all regulations become less applicable.
What this means for your organization: Organizations in both the public and private sectors must proactively build trusted threat intelligence networks to stay up to date on global threats.
5. Insider Threats and Budget Constraints
Tariffs are likely to drive up labor costs and service/subscription prices. In response, many organizations tighten their cybersecurity budgets, delaying critical upgrades and leaving defenses more vulnerable. Simultaneously, layoffs and hiring freezes heighten insider risk, as financially stressed or disgruntled employees are more likely to become threat actors.
What this means for your organization: It’s essential to invest in employee awareness training, insider threat monitoring, and secure offboarding processes to mitigate insider risk.
Next Steps
When organizations rush through security decisions, it often leads to bigger problems down the line. Business and security leaders must avoid impulsive reactions when changing vendors, cutting costs, or de-prioritizing long-term security.
CrossCountry Consulting’s Integrated Risk Management team targets these challenges by contextualizing the security implications of business decisions, enabling leaders to make informed decisions that balance risk with desired outcomes. Now’s a great time to build resilience by:
- Maintaining up-to-date threat models that account for evolving threat actors.
- Conducting comprehensive and timely third-party risk assessments.
- Mapping and securing vulnerable segments of the supply chain.
- Enhancing cybersecurity strategy so that it appropriately balances cost, compliance, and readiness.
For expert support, contact CrossCountry Consulting.