Investors demand more transparency about corporate cyberattacks
More than 70 percent of American investors are interested in reviewing public company cybersecurity practices and nearly 80 percent would not likely consider investing in a company with a history of cyberattacks, according to a new nationwide survey of investors released by HBGary at the RSA Conference 2013 in San Francisco.
The survey of 405 U.S. investors also found that more than 66 percent of investors are likely to research whether a company has been fined or sanctioned for previous cybersecurity incidents.
“For some time, we have said that cybersecurity cannot be a ‘checkbox’ item on a company’s operational to do list,” said Ken Silva, senior vice president of cyber strategy for ManTech’s Mission Cyber & Intelligence Solutions Group. “This survey proves that today’s investors are more educated about the damage cyberattacks can cause to a company’s brand and financial bottom line. The high cost of cyberattacks cannot be understated.”
But, investors are not only looking at the actual attacks. Indeed, 66 percent of investors feel that corporate responses to cyberattacks are more noteworthy than the actual attack.
“This is good news,” said Jim Butterworth, chief security officer for HBGary. “Fortunately, corporations now have access to cutting-edge tools to conduct monitoring, incident validation, response and other key phases of incident response on their own – without need for expensive services.”
By a wide margin, the survey reveals investors are twice as concerned if a company had a breach of customer data (57 percent) versus theft of intellectual property (IP) (29 percent).
“Consumer data breaches grab the headlines and the large liability settlements. But the lack of concern for IP theft underscores the need for broader education about the financial risk IP theft poses to a company” Butterworth pointed out. “The pilfering of American company trade secrets and other sensitive data is happening every day – costing our corporations billions of dollars in lost revenue.”
According to a 2012 report by the FBI, the American economy is losing billions of dollars to economic espionage each year. When an organization’s factory or device blueprints, confidential trade deals or other sensitive intellectual property are stolen and duplicated by a foreign entity, there are multiple costs to the victim company such as the loss revenue in the competitive marketplace and cost of creating new go-to-market ideas. In addition, a cyberbreach can financially impact an organization’s customers, partners, etc. – all of whom must incur thousands of dollars in costs to mitigate the threat.