Investors can and should encourage companies to prioritize cybersecurity. A new World Economic Forum report, Incentivizing responsible and secure innovation: principles and guidance for investors, proposes a framework for investors to measure and address cybersecurity efforts.
Cyberattacks have almost doubled in the past five years, undermining consumer confidence and driving demand for more secure digital products that protect consumer privacy. Recent research by Bain & Company shows that consumers would buy more products and pay higher prices for Internet of Things (IoT) devices if their worries about cybersecurity were addressed.
Cyber-attacks also result in economic losses for investors: during Verizon Communication’s recent acquisition of Yahoo, the disclosure of two data breaches resulted in a $350 million price reduction.
Investors providing capital to start-ups and small and medium-sized enterprises therefore have an opportunity and a responsibility to ensure that companies prioritize cybersecurity early in their development. This cyber due diligence can help businesses meet consumer demands, provide investors with reliable returns and contribute to a more secure digital market.
“Investors cannot ignore the cybersecurity of their target companies,” said Alois Zwinggi, Head of the Centre for Cybersecurity at the World Economic Forum. “Without proper due diligence of policies on cyber threats, security risks will turn into business risks.”
The report outlines five ways investors can increase cybersecurity, beyond the regulatory compliance and legal obligations:
- Incorporate a cyber risk tolerance threshold: include cyber-risk in assessments of business risk
- Conduct cyber due diligence: evaluate the integration of cybersecurity into the company’s policy and culture
- Determine an appropriate incentive structure: define cybersecurity expectations, benchmarks and enforceability
- Secure integration and development: develop and follow action plans to continually support cybersecurity efforts
- Regularly review and encourage collaboration: ensure cybersecurity actions are in place and updated as necessary
Investors already play a significant role in helping entrepreneurs develop, optimize and mature their businesses. By prioritizing cybersecurity, they can increase the potential for long-term success and help facilitate innovation in the digital space.
Contributors to the report include representatives from: Accenture; AlixPartners; Bank of America; BCG Digital Ventures; Blackstone; Boston Consulting Group; Columbia University; FCLTGlobal; Hewlett Packard Enterprise; Hillspire; Ionic Security; Massachusetts Institute of Technology; S&P Global; Salesforce; Team8; Vista Equity Partners; Willis Towers Watson.