Cybersecurity A Growing Investment Consideration

Understanding a company’s cybersecurity posture and risk management strategy is an essential element of thorough investment due diligence.

cybersecurityAlongside the more traditional measures such as earnings per share, P/E ratio, dividends, and yield, cybersecurity has recently appeared on many investors’ radar as one of the newest criteria for company valuation. For some institutional fund managers and private investors, understanding a company’s security posture and risk management strategy is an essential element of thorough investment due diligence.

The Impact of a Breach on Company Performance and Valuation

Cybersecurity breaches have commanded headlines for years, but in recent months the breaches and their devastating impacts have become transparent to even the most casual of investors. Some high-visibility breaches of past years, such as Target, ultimately yielded little long-term impact on stock valuation (and arguably even brand), as a result of the negative consequences such as Personally Identifiable Information exposure and financial losses in breach mitigation, legal fees, and increased cybersecurity spend. However, 2017 saw cyber incidents that not only affected millions of Americans, but also caused signification disruption to business operations and a change to the organization’s fundamental business model.

Equifax is just such a case in point. Not only did the Equifax brand suffer irreparable damage and business operation disruption, but the costly incident incited considerable public and governmental scrutiny on how credit data is owned, managed, and protected. The hack inspired the introduction of the recent Data Breach Prevention and Compensation Act, a bill which would, if passed, give the Federal Trade Commission the right to police and fine credit reporting agencies, granting financial compensation to victims of hacks.

“As cybersecurity threats continue to escalate and consumers demand better cybersecurity protections, companies must outlay increasing capital to secure their businesses.”

A 2016 breach on Uber, which wasn’t disclosed until November of 2017 (and reportedly handled by paying off the hacker to delete data) resulted in both brand damage and a decline in consumer confidence. The disclosure was extremely ill-timed for Uber; the company was working to complete a deal with SoftBank Group Corp (SFTBY), wherein the Japanese company would invest capital in exchange stock position. The deal was closed at a significantly less favorable rate than initially proposed; the degree to which the breach played a role was not disclosed, but it can certainly be speculated upon. Similarly, the same can be said for the Yahoo hack that happened in the middle of an M&A transaction.

The Impact of Expanding Regulation

The winds of the regulatory environment are constantly shifting, and more stringent requirements are moving in. There is a price tag associated with coming into compliance, which varies by company and regulation; but that is only one potential consideration. A growing public concern for individual privacy and associated legislation to protect these privacies are sweeping across Europe, most recently in the form of The General Data Protection Regulation (GDPR), which comes into effect in the European Union in May. GDPR requires that companies that host and process individuals’ personal data release or delete that data upon the individual’s request. This privacy regulation will have significant operating model impacts on countless companies, which will have a window of time to implement processes, systems, and potentially add staff to comply, or meet stiff fines.

Consider the significant effect GDPR could have on the revenue streams of global large cap tech corporations, which mine, store, and utilize personal information in highly targeted marketing schemas. As most of us have experienced personally, marketing behemoths such as Facebook (NASDAQ: FB), Apple (NASDAQ: AAPL), Amazon (NASDAQ: AMZN), Netflix (NASDAQ: NFLX), and Google (NASDAQ: GOOG), nicknamed The FAANGs, serve users highly targeted ads based on information about that person and their preferences. Once GDPR goes into effect, global companies must comply with regulations pertaining to EU citizen data; should GDPR-like regulations gain traction in other countries such as the United States, privacy concerns will almost certainly have an even more pronounced effect on how these corporations market and fill their sales pipelines.

The Consumer Effect

As cybersecurity threats continue to escalate and consumers demand better cybersecurity protections, companies must outlay increasing capital to secure their businesses. Both consumers and investors are beginning to demand transparency around these protections, and incoming regulations are providing the means to deliver this visibility. In late December 2016, the U.S. Securities and Exchange Commission (SEC) announced that it would be refreshing its six-year-old guidance on how publicly traded companies report on breaches and disclose cybersecurity readiness. New York State has already implemented similar transparency regulations for financial institutions and insurers, which could provide impetus to other states to follow suit.

Embracing the Cybersecurity Challenge

In a dynamic market, every challenge offers opportunity, and there will be some companies that come out on top of the cybersecurity challenge. The most obvious winners will be those companies that help public and private sector organizations protect themselves against threats: These include cybersecurity strategy advisory firms, cyber defensive technology companies (software and platform), compliance advisory and assessment firms, and cybersecurity response and recovery organizations.

In corporate investing more generally, the companies that are most engaged with their own cyber risk mitigation strategies, Incident Response Planning (IRP), and are looking ahead and planning for upcoming changes in the regulatory environment will have a clear advantage, particularly once upcoming transparency and disclosure guidelines come into effect.

Taken together, the high cost of breaches and their potential fallout, cyber security readiness, and compliance can no longer be ignored in the portfolio valuation; many discerning investors are already looking ahead. For companies looking to solidify their own company valuations, investing time and resources into a strong, foundational cybersecurity strategy—as well as communicating those strategies for market advantage—are investments well made.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.