A word from the CEO, Volume 5: “Cybersecurity & Valuations”

         Recently, I attended a local CEO peer group in which the conversation gravitated towards the topic of exit strategies. Many business owners think about how they would eventually exit their business; some actually formulate a plan while most figure life and business will take it’s natural course. As the conversation continued we agreed that while “dying with your boots on” is an admirable goal, it is surely not a viable exit strategy. When the conversation veered towards small business owners, I found out a friend who had all his ducks in a row almost sold his small printing business, until a routine check uncovered the land it was sitting on was toxic! Further investigation into city records revealed that the site he had operated his business on for 25 years was previously owned by a Chemical processing plant, meaning the mess was none of his doing. However, 25 years later he was left with problems and potential $50K clean-up bill before he could even think of a sale!
 
            This got me thinking, we have a series of check lists when we buy or sell our cars, property and even businesses. These check lists and processes are very detailed and are devised through years of experience, learning and transactions. Needless to say that if you follow the process and undertake the necessary due diligence your chance of success is pretty high. One element missing however, is a business’s security posture. Businesses of various size; small, medium and enterprise are bought, sold, merged or acquired everyday across the world.
 
            While I’m not sure how many due diligence lists actually have a “Cybersecurity Posture” check box, I do wonder if a lack of protection, affect valuations? Shouldn’t organizations include a variable assessment of their Cybersecurity Posture as part of their credentials? Just like the example of my colleague and the mess he was left with, a breach in cybersecurity could spell problems for years to come, sometimes with the consequences not surfacing until later on. In this day and age, we must consider the protection of business on all fronts, especially one so vulnerable as our data and IT. While everyone may not have the same frame of reference (living in Cybersecurity space surely makes the threats seem much more real and immediate), I would attribute a proper Cybersecurity posture to a successful business, and would certainly detract perceived value from a business without one. With the way things are going, this seems like it will become the norm.
-Philip