A key economic pillar of the current U.S. presidential administration has been the widespread use of global tariff increases. With the stated goal of tariff escalation being to reset America’s long-term trade relationships with the rest of the world and retrench domestic manufacturing, the implementation of these policies has been swift and dramatic.
As of September, according to The Budget Lab at Yale, U.S. consumers were facing an overall average effective tariff rate of 17.9 percent – up from 2.4 percent since February and the highest rate since 1934.
Whether tariff increases ultimately deliver on their intended effects will be borne out over time. But in the meantime, business leaders have been left to manage the chaos of negotiations, appeals and reversals has led to skyrocketing global uncertainty.
Major industries – from oil and gas to consumer goods and agriculture to construction and manufacturing – have struggled to navigate increasingly volatile markets and supply chain concerns (which have been amplified by an “extended freight recession,” as described by one supply chain leader).
At the same time, as new tariffs disrupt global trade and force supply chain executives to re-evaluate vendor relationships, operational infrastructure and budget allocations, they are simultaneously exposing critical cybersecurity weak points across the supply chain.
Artificial intelligence development and the nature of phishing have further complicated these concerns. But amid nearly unprecedented levels of market uncertainty and the shifting landscape of cybersecurity itself, how can industry leaders be expected to tackle this problem?
How Tariffs Are Compromising Cybersecurity
The issue at hand isn’t just the direct effects of the tariffs on business interests but also the downstream effects on cybersecurity caused by the uncertain environment amid their implementation. In recent months, executive-level supply chain planning – hiring, supplier negotiations, strategic investment – has been stunted by a sort of paralysis by analysis across industries.
But business leaders understand that delays can be as damaging as poor decisions, and given the circumstances, inaction – at least when it comes to cybersecurity – isn’t much of an option. Here’s why:
- Tariffs are exposing weak links. Even in the face of so much unpredictability, the latest tariff rollouts are forcing supply chain leaders to rework vendor relationships, data center strategies and overall infrastructure. In the rush to adapt, cybersecurity is often overlooked – leaving gaps that attackers are quick to exploit.
- Cyber risk is an operations risk. A cyberattack doesn’t just steal data. It can stop shipments, shut down systems and create compliance headaches. In a hyper-connected supply chain – one already weakened by COVID and its aftershocks – even one compromised partner can disrupt the entire flow.
- Third-party vendors are a business’ biggest vulnerability. Many supply chains rely on external software, payment processors and logistics tech. If those vendors aren’t being vetted for security, the back door is being left wide open for threat actors to walk through.
The AI Impact
Many businesses recognize the evolving cybersecurity threat, and perhaps more will come to realize the risks as tariffs continue to assert pressure on operations in general and cybersecurity specifically. But in addition to the cloud of uncertainty hanging over supply chains, many companies struggle to keep pace with related tech advancements and project their near- and long-term effects.
Artificial intelligence, for example, has the potential to address a variety of current and growing cybersecurity risks. But AI is also generating new threats in real time, while executives attempt to get their arms around the technology and grapple with whether and how to implement and scale it.
Consider: Phishing scams are getting smarter and more personal. Threat actors are going back to social engineering – but with AI upgrades:
- Fake emails from vendors.
- Spoofed IT team calls.
- Deepfake voicemails from “executives.”
Teams need to be trained how to spot the red flags because attackers are targeting the human layer via social engineering tactics again. Always a moving target, cybersecurity threats just happen to be more nimble than ever.
The reduction of cybersecurity management and response efforts may also lead to the exploitation of known, but unpatched vulnerabilities. The reduction in ongoing cybersecurity maintenance efforts means that known vulnerabilities may go unpatched on critical systems.
The best way forward is a two-pronged approach that essentially requires a business to roll up its shirt sleeves and get to work – while also acknowledging that it likely needs some extra help.
Employee training remains the number one tool for turning back cybersecurity threats. Ongoing education that instructs workers how to identify risks, recognize potential phishing scams and appropriately communicate related issues helps mitigate changes in technology or strategies in threat actors.
Critically, training should also extend to all third-party vendor employees, who tend to represent a company’s greatest cybersecurity risk at any given time.
But cybersecurity can’t fall on the shoulders of employees alone – not even those of an IT team. Cyber threats, by nature, are changing constantly. Businesses receive the strongest protection from a partner specialist that not only has the expertise to address evolving cybersecurity risks but also the deployment team to respond promptly and mitigate the fallout in the event of a cybersecurity incident.
Supply chains will continue to face emerging cyber threats, regardless of political climate. But the unpredictability of the tariffs rollout demands that supply chain players and manufacturers increase their diligence and further adapt to the landscape by bolstering their cybersecurity infrastructure.
