Framework proposed to help investors address issue that has resulted in big losses
Investors should push companies to prioritize cyber-security, warns a new World Economic Forum report. It also proposes a framework for investors to measure and address cyber-security within a company.
Cyber-attacks have almost doubled in the past five years, undermining confidence in some companies and driving demand for more secure digital products.
Cyber-attacks have also resulted in losses for investors: during Verizon Communications’ recent acquisition of Yahoo, the disclosure of two data breaches resulted in a $350 mn price reduction.
Investors providing capital to start-ups and small and medium-sized enterprises therefore have an opportunity and a responsibility to ensure companies prioritize cyber-security early in their development, notes the report.
This cyber-due diligence can help businesses meet consumer demands, provide investors with reliable returns and contribute to a more secure digital market.
‘Investors cannot ignore the cyber-security of their target companies,’ said Alois Zwinggi, head of the Centre for Cyber-security at the World Economic Forum, last week. ‘Without proper due diligence of policies on cyber-threats, security risks will turn into business risks.’
The report outlines five ways investors can increase cyber-security, beyond regulatory compliance and legal obligations:
1. Incorporate a cyber-risk tolerance threshold: include cyber-risk in assessments of business risk
2. Conduct cyber-due diligence: evaluate the integration of cyber-security into the company’s policy and culture
3. Determine an appropriate incentive structure: define cyber-security expectations, benchmarks and enforceability
4. Secure integration and development: develop and follow action plans to continually support cyber-security efforts
5. Regularly review and encourage collaboration: ensure cyber-security actions are in place and updated as necessary.
Investors already play a significant role in helping entrepreneurs develop, optimize and mature their businesses, notes the report. By prioritizing cyber-security, however, it says ‘they can increase the potential for long-term success and help facilitate innovation in the digital space.’