Cybersecurity and Company Valuation

Ankur Sheth writes about how cybersecurity risk impacts private equity in a deal cycle. Risk managers, especially those at companies contemplating mergers and acquisitions, can glean important information about the resilience or fragility of their company’s valuation by reading his analysis. Investors have become accustomed to watching a target’s value vaporize when its data is breached. “A business that cannot defend itself from threat actors is worth less than one that can,” Sheth writes, and he also notes that the regulatory requirements related to cybersecurity can result in penalties and legal consequences that eat away at a company’s worth. However, there is a competitive advantage to be gained by robust cybersecurity. Organizations often view risk transference by purchasing cyber insurance as an adequate safeguard. That’s an illusion, says Sheth. If a post-incident investigation finds that the victim of a data breach lacked the infrastructure and controls to adequately defend itself, policies are likely to be rendered null and void. Continual monitoring and upgrading of cybersecurity is the only foolproof way to protect valuation. Sheth provides the case studies that demonstrate the importance of cybersecurity in the deal lifecycle: Verizon-Yahoo!; Elliott Management – LastPass; and SilverLake/Thoma Bravo-SolarWinds: The Unforeseen Regulatory Costs of a Cyber Breach

SolarWinds is a business software developer that produces programs for IT infrastructure management. In 2016, SolarWinds was acquired by private equity firms Silver Lake and Thoma Bravo.