Smart technology. Connecting the future. Lifestyle and technology.

Why cybersecurity must remain a priority amid tariff chaos

Photographic portrait of Puneet Kukreja
Puneet Kukreja

EY UK & Ireland Cyber Security Leader

Contributors

5 minute read 15 Apr 2025
Related topics
Tax
Global trade
Technology
Cybersecurity
Consulting

In an increasingly volatile economic environment, businesses must not allow their cyber focus to waver.

In brief

  • Past responses to the imposition of new tariffs had the unintended consequence of increasing organisations’ cyber vulnerabilities.
  • New suppliers and sourcing partners must be held to the same cyber standards as those they are replacing.
  • Cybersecurity cannot be treated in the same way as other costs and must be seen as core to business resilience.

How EY can help

The shockwaves unleashed by the tariffs imposed by the US administration have the potential to create a perfect storm for organisations’ cyber exposure. In their haste to reduce costs, organisations may inadvertently increase their vulnerability to a cyber breach at a time when recovery could be particularly challenging.

 

Businesses are struggling to understand and come to terms with the full implications of the current disruption to global trade. Faced with new tariffs and shifting trade dynamics, organisations across Ireland and Europe are reassessing sourcing strategies, supplier dependencies, and regional logistics.

 

Many businesses are seeking out alternative partners and suppliers as they attempt to mitigate the potential cost increases but, in the rush to do so, may be exposing themselves to additional cyber risk. If not subject to rigorous assessments of cyber risk and held to the same standards as those they are replacing, each new supplier, logistics partner or digital service provider becomes a potential vulnerability.

 

At the same time, internal cost cutting measures may impact their own cyber posture thereby further increasing their exposure. An exacerbating factor is the heightened threat posed by a far more potent AI enabled attack force armed with dark LLMs.

 

And this is all happening against a backdrop of elevated cyber risk created by increasingly complex supply chains.

 

Learnings from the past

 

This is not entirely unfamiliar territory, of course. The tariff escalations of 2018, although much more minor in scale, prompted similar supply chain shifts. If we reflect on and learn from what happened then, it can help us today in our efforts to secure the future.

 

In 2018, supply chain reorganisation and associated cost reduction measures led to delays in cybersecurity investment and reduced oversight of third-party ecosystems. The consequences were a significant increase in cyberbreaches across the globe.

The potential for disruption is significantly greater today, however, due to the digitalisation of far more complex supply chains and the increased reliance of organisations on cloud infrastructure and decentralised technology stacks.

There are some sectors that are particularly exposed such as manufacturing and life sciences organisations. They rely on highly integrated global networks, where data, access, and trust flow across multiple partners. Many of these organisations are beginning to utilise increased amounts of data in their supply chains through the application of AI. Adjusting these relationships without compromising operational continuity or information security is no small task.

Even where an organisation is taking steps to protect its vulnerable data assets, if its trade partners and suppliers are not doing it, the entirety of the supply chain can be compromised. 

While tariffs do not yet apply to software and digital services, there is potential for the current situation to escalate further, prompting organisations to rethink their digital supply chains. With the top five cyber software producers currently based in the US, concerns around strategic dependency are becoming more pronounced, particularly in sectors where national security and regulatory compliance are critical. 

This may drive increased interest in European and Asian cybersecurity alternatives. While some Asian providers offer robust technological solutions, broader geopolitical considerations may influence adoption decisions. Against this backdrop, European cybersecurity start-ups and organisations are well-positioned to benefit, offering trusted, regionally aligned solutions that support the broader push for digital sovereignty and resilience.

Keeping cyber defences up and running

Meanwhile, economic headwinds are placing all spending, including cybersecurity budgets, under intense scrutiny. Every item of expenditure that is not seen as value creating or related directly to an organisation’s production capability is likely to face cuts. In this paradigm, cybersecurity is quite simply not viewed as core to the business.

For many organisations, the issue will be seen as one of dealing with tariffs or dealing with NIS2 Directive, DORA, the AI Act and other regulations. Viewed through that prism, it will, unfortunately, be natural for organisations to spend on tariffs first and to make savings on cybersecurity.

This is due to a gap in understanding at board level of the importance of cybersecurity. It is not simply a protective measure or a compliance issue, it is about ensuring the resilience and continuity of the business and securing the digital fabric that underpins the business and its entire value chain.

Businesses grappling with tariffs and trade disruptions face new costs and complexities that could impact their stability. It’s therefore essential for organisations to seek efficiencies and cost reductions wherever possible. However, it is crucial to implement these reductions in a manner that does not compromise the integrity of the business. Failure to invest in resilience, particularly in the realm of cybersecurity, risks eroding the significant cyber maturity that has been developed over the past 36 months. The price for going backwards in this regard will be very high.

Simon MacAllister

Co-Head of Geopolitical Strategy. EY Ireland Strategy and Transactions Partner. Head of Valuation, Modelling and Economics

Five strategic steps to strengthen cyber posture

While some element of across-the-board cost reduction may be unavoidable in the current environment, cybersecurity should certainly not be the first area to cut. Instead, current spending levels should be at least maintained if at all possible. The following five steps will help organisations to preserve their current cyber posture even if some cuts are unavoidable.

Summary

In an era defined by geopolitical uncertainty, shifting trade alliances and interconnected digital systems, cybersecurity can no longer be treated as a back-office issue. It is a foundation for trust, a shield for reputation, and a prerequisite for agility and operational resilience. The next crisis for an organisation may not be triggered by tariffs or legislation, but by a breach deep within a partner’s system. In today’s world, resilience is not just what you manage, it is who you rely on.

Related content

How will the new tariff announcements impact Ireland’s technology sector

The US tariff announcements are reshaping the global trading landscape. Find out what it means for Ireland’s technology sector.

Grit Young + 1

Global trade

Increased trade and regulations, along with growing scrutiny of cross-border flows, are challenging today’s supply chains.

What are the implications of US President Trump's reciprocal tariffs on global trade

Discover the impact of Trump's reciprocal tariffs on global trade. Learn how to mitigate risks and adapt your business strategy today!

Graham Reid + 4

    About this article

    Photographic portrait of Puneet Kukreja
    Puneet Kukreja
    EY UK & Ireland Cyber Security Leader
    As the EY UK & Ireland Cyber Leader Puneet is passionate about building client centric, growth focused high-performing delivery organisations which are engineering led and powered by managed services.

    Contributors

    Related topics
    Tax
    Global trade
    Technology
    Cybersecurity
    Consulting

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.