Cybersecurity is a constantly evolving subject matter for businesses. Like the computer viruses that are generally associated with the term, the issue itself has proven infectious for corporations both in its reach and impact as it grows over time.
Many organizations have learned the hard way that it is also a very costly subject matter. A study produced by IBM and the Ponemon Institute suggests that the average cost of fixing or resolving a data breach is more than $3.86 million. That number is only expected to grow.
The Effects of Cyber Security Attacks
The increasing level of connectivity has served as perhaps the predominate economic theme of the past quarter-century. It has also created a substantial new risk to the security of sensitive information. Moore’s Law of Computing states that overall processing power for computers will double every two years. Newton’s third law of motion states that for every action, there is an equal and opposite reaction. Combine the two theories together and you have a pretty good explanation of the future impact of cybersecurity on businesses.
Advances in technology will yield new and superior tools for cybersecurity protection. The strength and sophistication of these tools may provide companies with greater comfort in their cybersecurity measures. This has historically resulted in entrusting digital tools with more responsibilities for data protection. Ones that would otherwise have a larger level of manual security involved.
However, Moore’s theory on advances in technology does not apply unilaterally to forces of good. The future versions of yesterday’s data breaches will benefit equally from advancements in technology. The primary difference is that even more sensitive information will be available to hackers’ fingertips upon infiltration.
That being said, at the same time, there are new ways to retrieve data that has been lost or stolen being developed. For example, nowadays, it is totally possible to perform a mac hard drive recovery that simply would not have been an option a few years ago. Needless to say, data recovery services are working at an unprecedented rate to tackle data breaches and storage issues in an effective and secure manner.
Essentially though, as businesses become more dependent on the latest cybersecurity software, it will become increasingly difficult to protect against equally advanced hackers and cybersecurity attacks. In turn, companies will continue to need to invest more money toward preventing and resolving attacks through technology, legal and insurance costs.
How does Cyber Security Affect a Valuation?
Cybersecurity issues can be fairly plain to see within a company’s financials.
This is especially the case for companies who have experienced some type of data breach. The financial fallout can be directly measured by increases in legal, insurance and technology costs all of which increase overhead. Sometimes, it may represent the need for a valuation discount wherein a breach became a client relations or reputation management issue that created a stigma for the company in the marketplace.
In other cases, it can be seen in a disproportionate amount of cybersecurity expenses for a company relative to its peers. An important part of the fair market valuation process is predicated upon determining tangible risks or liabilities for a business. A discount in valuation might be warranted for a company that has been determined to have forgone industry standards for data security subjecting it to unnecessary risks.
Cyber Security Risks Based on Industry
While cybersecurity is somewhat universal in its growing importance, it is however somewhat disproportionate in terms of how it may be considered in a valuation based on industry.
The consideration of cybersecurity issues for a local retail shop are certainly dwarfed in comparison to that of a local bank. That theory can be demonstrated at a more macro level when considering the differences in implications and cost for the very similar hacks endured by Target and JPMorgan Chase in 2014. Target announced the costs of the hack at $148 million. JPMorgan Chase never released an official figure, however, did announce it would invest more than $250 million alone in new cybersecurity system improvements. Reports estimated the actual cost in the billions of dollars.
For valuation, the consideration is largely related to the extent and volume of ways that a company’s earning potential could be hindered by cybersecurity issues. It plays a more serious role wherein an industry is more centrally dependent on the management or access to sensitive information. Especially when that information could be viewed as particularly valuable to hackers.
Government Contractors Near the Top of the List
Few industries carry the same level of risk for cybersecurity as that of government contractors. As a result, the consideration of cybersecurity can be particularly large in terms of valuation.
Government contractors rank alongside the financial sector as the most frequently targeted and attacked organizations in the world. These companies are often the most susceptible to cybersecurity attacks due to the nature of the work being so inherently involved with highly sensitive information, the need to store classified data, as well as the volume of personnel with high-level security access. That is basically the perfect recipe for hackers when targeting organizations.
The cybersecurity consideration is important not only for the potential immediate financial risks associated with things like repairs and litigation, but also because of the disproportionate ways it can affect a company long term. The vast majority of the value of a contractor is intangible assets. Beyond the value of contracts, interested buyers may be willing to pay a premium for certain contractors related to the intellectual property and know-how of its workforce. If clearances and sensitive data are compromised, buyers may require a significant discount or simply lose interest. Additionally, in the case of a hyper-competitive industry such as government contracting, having a “Scarlett Letter” in the form of a previous cybersecurity issue can be an instant rejection or unfortunate tie-breaker when weighing organizations competing for the same contract. That is a reality that a valuation analyst is forced to consider when calculating worth.
With decades of experience in performing business valuations within government contracting (GovCon) sectors, the valuation analysts at Evergreen Advisors have extensive familiarity working with government contractors of all sizes to fulfill their valuation needs. To learn more about the effect that cybersecurity can have on your valuation, please contact Patrick Lowry at plowery @ evergreenadvisors.com or 410-997-6000.
