Value of a Company Includes Cybersecurity

Cybersecurity — and the lack of it — can affect the valuation of a company
Company owners and executives should treat cybersecurity as an investment

Sony, JP Morgan Chase, Home Depot, Target, Anthem. And these are just the big American companies that have made the news recently after being victimized by cyber thieves.

Countless other companies — big and small — that were targeted by cyber thieves haven’t had their breaches publicized. The costs to big companies can run in the hundreds of millions of dollars; Target reported gross expenses from its data breaches of $252 million. For smaller companies, a data breach can run them out of business.

One of the hidden costs of cybercrime is how it can affect a company’s valuation, particularly for those companies on the verge of being sold. Even companies that haven’t invested adequately in cybersecurity can see potential investors or buyers walk away after a cyber audit uncovers compromises or deficient security.

Valuing companies

A number of factors go into the valuation of a company, including revenue, assets, intellectual property, the principals and employees of a firm and other elements.

An emerging trend in company valuations is cybersecurity. Many of the elements comprising a company’s value — intellectual property, customer records, data operations and marketing tactics, to name a few — are all susceptible to cyber thieves.

Think of it this way: If an employee walks out of an office with a folder of company data or other information, it can be relatively easily to track it down quickly. A cyber breach can be completely different, however.

The average data breach lasts 229 days before it is discovered. Imagine how much sensitive company information cyber thieves can siphon off in that time. What if that data ends up in the hands of a competitor?

If you think it doesn’t happen, think again. There are many corporate examples of companies having “issues with systems” in the time leading up to an acquisition. We’re talking corporate espionage.

The Future Of Cybersecurity

Over the next five years starting this year, spending on technology is predicted to drop globally by 30 percent as more money is spent on services and expertise in cybersecurity.

One of the indicators in the rise of the importance of cybersecurity is the acceptance of insuring companies against cyber attacks. Insurance companies are asking experts in the cybersecurity field, including us at Sera-Brynn, to help craft policy language.

Business owners and company executives are realizing the reality of the risk and insuring their companies against the threat of cyber crimes, which is no different than purchasing property insurance.

Compliance is another indicator in the rise of cyber thefts and crimes. There are federal and industry standards in compliance that are a response to the pervasive threat of cybercrimes.

Company executives should treat cybersecurity as an investment. Over the past year, we’ve seen a trend in the cybersecurity landscape of threats being discussed at the top levels of companies. It’s now become a corporate problem and not just a technology department problem, leading to discussions in the board rooms.

The nature of those discussions has shifted from tools and “toys” such as protective devices or improved firewall routers as a means of preventing intrusions — the reality is that everyone is going to get hacked at one point or another — to meeting compliance regulations, cyberaudits and incident response.

A cyberaudit conducted by qualified experts such as Sera-Brynn can reveal how to meet compliance regulations. Purchasing cyber insurance (and ensuring you are adequately covered) is another aspect of treating cybersecurity as an investment.

Developing an incident response plan is a third element of the cybersecurity investment. This includes a crisis action response, handling public relations — think of the disastrous Target response when the company was breached by cyber thieves — and contacting law enforcement.

Companies should also take the long view when it comes to investing in cybersecurity. For one thing, investing in cybersecurity lends peace of mind at a time when anyone online is vulnerable to being hacked or compromised.

There aren’t products on the market that offer full protection from cyber threats so companies are needing to rely on experts such as Sera-Brynn, who are also the auditors. If you follow the advice of the experts, you can’t go wrong.

The Analogy Of A Home Inspection

Think of cybersecurity inspections or audits for a company like a home inspection for a prospective home buyer. Home inspections for buyers didn’t become routine until the 1980s and now they are regulated by states, serving as a form of protection for homebuyers making their biggest investment.

Cybersecurity has global standards. In four to five years cyber audits will be a routine practice for companies, but by then it may be too late for many firms.

Homes are built on solid foundations for stability and to withstand the elements and storms. Routine maintenance can include power washing vinyl siding, or treatment for pests. These are things every homeowner expects and anticipates as part of an investment in their home.

Cybersecurity is no different for companies. It’s an investment that pays off, protecting your business and increasing valuation.