Security Record Key for Investors

Tuesday, February 26, 2013 @ 06:02 PM gHale

If companies want to continue to bury their heads in the sand and ignore good security practices, not only will they pay in terms of the inevitable attack, but investors will shy away if there is a history of getting hacked, a new report said.

U.S. investors just don’t want to invest in companies that have a history of getting hacked, and are twice as concerned about those whose customer data ended up stolen over those whose intellectual property walked out the door.

Security Firms to Share Intel
Security Checklist for CEOs
Executives: Cyber Fears Top List
Data Breaches Take Months to Find

A survey conducted by Zogby Analytics on behalf of HBGary and reported at the RSA Conference 2013 in San Francisco found close to 80 percent of American investors said they are not likely to invest in a company that has suffered multiple cyber attacks, and 70 percent would research a publicly traded firm’s cyber security practices and incidents.

“The fact that investors and customers care so much about this is why we are starting to see boardrooms take a lot more interest in the security of a company,” said Ken Silva, senior vice president for cyberstrategy for the mission, cyber and intelligence solutions group at ManTech International Corp., which is a HBGary subsidiary.

Investors weigh customer data breaches as worse than theft of IP, with 57 percent saying they consider a hack that compromises customer data as more worrisome, while some 29 percent rated intellectual property as a bigger issue.

“People can relate to [customer data theft] right now and can feel the shockwave. I think IP theft will start to show itself and its real impact a couple of years from now when stolen intellectual property starts to make its way through the system,” Silva said. “That’s as opposed to now, when we know it’s happening, but we haven’t actually seen the ramifications of it yet like we do with customer data. We’re not seeing exact copies of the next tablet coming out before Samsung or Apple,” he said.

HBGary’s report, which gathered data from 405 U.S. investors surveyed, also found 66 percent of investors said they would likely research whether a company had been fined or disciplined for a security breach.

Silva said the most shocking finding of the survey was 78 percent said they weren’t likely to invest in a company that had suffered multiple security breaches. “That’s an incredibly high number, and that shows just how seriously investors are really taking [cybersecurity].”

The report also found investors care about how companies handle breach disclosure. “Given all of the publicity around breaches in the last two years, we’re almost numb to hearing about it. But when a breach is poorly handled, boy, does it make the headlines,” Silva said. “If you’re hiding it, not disclosing, taking too long to disclose it, or if no one knew” for a long time about the breach, that shakes investors’ confidence in the victim organization, he said.

A copy of the report was not immediately available.

Leave a Reply

You must be logged in to post a comment.