• Home
  • /Learn
  • /Investing in Cybersecurity: From Startups to M&A
background image


Investing in Cybersecurity: From Startups to M&A


In today’s digital world, investors in technology-driven organizations now have a responsibility to ensure cybersecurity efforts are given first priority during all stages of business development. In the past five years, cyberattacks have nearly doubled, driving down consumer confidence and incentivizing a strong demand for cybersecurity services in an effort to protect consumer data and privacy.

Merger and Acquisitions

Data breaches do not only affect business owners and consumers, they also result in massive economic losses for investors. According to a recent survey conducted by Forescout, upwards or 53% of respondents said their organizations encountered a critical cybersecurity incident or issue during a merger and acquisition. Further, after closing an acquisition, 65% of experienced “buyers’ remorse”, regretting the deal on the basis of poor cyber security. As a real world example, during Verizon Communication’s recent acquisition of Yahoo!, the disclosure of two data breaches, mid-acquisition, “hacked” $350 Million off the final purchase value.

When you’re buying a company, you are not just acquiring the company, but also their cyber security posture, and the inherent risks associated with them, thus, cybersecurity assessments, or penetration tests, must play a greater role in any investment, acquisition or otherwise in order to avoid “buying a breach.”

Forescout’s report also goes on to indicate that only 37% of respondents agree their internal IT team has the skills necessary to adequately conduct a cyber security assessment. This indicates the need for third party testers with specialized knowledge to adequately assess the cybersecurity posture of a given environment.

See Also:

Start-up Businesses

Published July 3rd, 2019, World Economic Forum has released a report aptly titled Incentivizing Responsible and Secure Innovation Principles and Guidance for Investors. The report proposes an innovative approach to investing, placing a heavy focus on cybersecurity incentives for investors.

Investors providing capital to start-ups, including small and medium-sized businesses therefore have the obligation, opportunity and moral responsibility to ensure these companies prioritize their cybersecurity efforts starting from the early stages of development. As much effort and capital as this may require will be of nominal significance when considering the long-term benefits and security these actions will contribute in the effort to the development a more secure digital marketplace for business owners, consumers and investors alike. Cyber due diligence, therefore, can aid not only in securing business success and meeting consumer demands, but also provides investors with healthy, reliable returns.

See Also:

The report goes on to outline five key initiatives that investors can increase cybersecurity, beyond the regulatory compliance and legal obligations implicated by such initiatives as PIPEDA and GDPR:

  1. Incorporate a cyber-risk tolerance threshold: Include cyber-risk in assessment of business risk.

  2. Conduct cyber due diligence: Evaluate the integration of cybersecurity into a company’s policy and culture.

  3. Determine an appropriate incentive structure: Define cybersecurity expectations, benchmarks and enforceability.

  4. Secure integration and development: Develop and follow action plans to continually support cybersecurity efforts.

  5. Regularly review and encourage collaboration: Ensure cybersecurity actions are in place and updated regularly.

Historically, investors have always played a significant role in helping business leaders to develop, optimize and mature their businesses. Thus, by prioritizing cybersecurity, investors can effectively increase the potential of success for their investments, but also allow business owners to develop and maintain the consumer confidence that will ensure success for years to come.

For more information on anything here, or assistance choosing a penetration testing company, please contact us.