Cybersecurity is Now Part of How Investors Value Companies

By Peter Bernstein February 28, 2013

Like it or not bad, news sells. And, when it comes to business headlines, a dominant theme has been cyber-based security breaches at major companies around the world. Reality is no company, or as we also know no government, is immune from being attacked by those will malicious intent.     

That said, it used to be, and not that long ago, that the measures companies took regarding risk mitigation practices in general —but more specifically how threats from cyber attacks ranging from massive distributed denial of service (DDoS) attacks on websites to zero-day polymorphic Advanced Persistent Threats (APTs) from a variety of malware—were just a check box item that was part of a company’s operational expense. However, a new survey by HBGary says that investors in companies now want to know how well the companies they are investing in are investing in cyber protection along with demanding transparency as to the frequency and depth of breaches. 

What the survey found is good news for security vendors who are no longer going to be seen as a necessary nuisance to deal with, but rather are central to companies’ economic viability. The more interesting aspect of the survey is in the questions it raises going forward in terms of what metrics will be used by as variety of stakeholders (customers, channel partners, ecosystem members, investors and others) in determining whom they can trust to do business with and bet their future on. 

“The survey says!”

HBGary, a division of ManTech International Corporation, is a leading provider of Enterprise Incident Response (EIR) solutions and services. Because of its role in helping enterprises and government agencies find, detect and mitigate cyber risks, HBGary asked noted market research firm Zogby Analytics to find out how the level of cyber security a company employs impacts how investors feel about that company. What the survey of U.S. investors showed is that cyber attacks, and more importantly how companies respond to them, is increasingly top of mind in investment decisions.

I will not spoil the delight or lack thereof to be gained from reading the entire survey results except to titillate you to click on the link to get the full copy with a few key data points gathered from over 400 respondents in the U.S. investment community:

  • 67 percent  of were found to research whether a company has been fined or sanctioned for previous cybersecurity incidents
  • 69 percent were unlikely to invest in a company with a history of data breaches
  • 78 percent are unlikely to invest in a company with a history of one or more cyber attacks
  • 71 percent would be interested in reviewing a company’s cybersecurity history if it was included in regulatory filings
  • 66 percent of investors are more concerned about a company’s reaction to a cyber attack than the attack itself.

 “For some time, we have said that cybersecurity cannot be a “checkbox” item on a company’s operational to do list,” said Ken Silva, senior vice president of cyber strategy for ManTech’s Mission Cyber & Intelligence Solutions Group. “This survey proves that today’s investors are more educated about the damage cyberattacks can cause to a company’s brand and financial bottom line. The high cost of cyberattacks cannot be understated.”

What was interesting was that the investors are not only looking at the actual attacks but that last item about being concerned about how attacks are dealt with is likely one of the reasons the RSA show I have been attending is not just packed with vendors with all kinds of new capabilities on a myriad of security fronts, but also had a very healthy (and what the organizers were delighted by) number of not just CSOs and CIOs but other C-levels. 

Back to the survey, “This is good news,” said Jim Butterworth, chief security officer for HBGary. “Fortunately, corporations now have access to cutting-edge tools to conduct monitoring, incident validation, response and other key phases of incident response on their own – without need for expensive services.”

One other fact of note from the survey reveals investors are twice as concerned if a company had a breach of customer data (57 percent) versus theft of intellectual property (IP) (29 percent).  Butterworth noted that, “Consumer data breaches grab the headlines and the large liability settlements.   But the lack of concern for IP theft, underscores the need for broader education about the financial risk IP theft poses to a company…The pilfering of American company trade secrets and other sensitive data is happening every day –costing our corporations billions of dollars in lost revenue.”

At the end of the day what the survey highlighted was a theme I heard from several vendors at the RSA show over several days that organizations of all types need to take a holistic approach to risk mitigation, and particularly in regards to cybersecurity. This means having a strategy based on a layered approach as to what data is important and hence the level of protection needed when it is static (stored) as well as on the fly, and how much therefore needs to be invested in best practices to get peace of mind.

In the past while important, especially for IT professionals, such questions were as HBGary notes relegated to being check list items and an operational expense. With so much literally on the line/online, it is now true that the whole world is watching, and what they see and want to see going forward is something not just CSOs but all C-levels are going to have to take into serious consideration when evaluating their risk mitigation investments and corporate policies and rules. It will be interesting to see how far the needles move on this type of survey in the next year.




Edited by Amanda Ciccatelli
SHARE THIS ARTICLE
Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More