Cybercrime is a rapidly increasing trend that is affecting various industries worldwide. The global annual cost of cybercrime is predicted to reach $8 trillion by 2023. This is expected to increase by 15% over the next five years, reaching $10.5 trillion by 2025. Phishing attacks are among the most common types of cybercrime, accounting for 80% of reported cybercrimes in the technology sector. In 2021, phishing was the second most common reason for data breaches, averaging $4.91 million in breach costs. 

In both public and private markets, cybercrime has had a significant impact on company valuations. If a company falls victim to a cyber-attack, it can result in a breach of sensitive data, lead to financial losses, and cause damage to the company’s reputation. This can make investors and customers less confident in the company, leading to a decrease in the company’s stock price and overall valuation. Additionally, companies that are at a higher risk of cyber-attacks may be seen as less valuable by investors, as they may have to spend more money on security measures to protect themselves. 

“In the current climate, cybersecurity is no longer an optional extra for companies, it is a necessity,” notes Keith Hollander, partner and global lead for cybersecurity services at MorganFranklin Consulting. “As such, private equity firms must ensure that the companies they are considering investing in have robust cyber defenses in place or risk overvaluing them.” 

Many regulators and laws are also demanding stricter data protection and cybersecurity measures. Companies that do not comply with these regulations can face heavy fines and penalties, which can further affect the company’s valuation. The net effect of this threat and new regulations is higher operating expenses for companies and the need to take cost out in other areas of the IT function.  

As a result, many PE firms are now paying closer attention to the company’s industry, sector, and its business model, as those are leading indicators that a company may be more likely to be targeted by cybercriminals. A key driver for this increased focus is escalating cyber insurance costs along with carriers reducing or eliminating coverage for ransomware. Preparation for a strong cyber insurance policy starts with diligence and can make a company more valuable in certain circumstances by mitigating the financial and reputational risks associated with cybercrime. This can potentially limit the financial damage to a company in the event of a cybercrime incident, which can be particularly important for small and medium-sized businesses that may not have the financial resources to absorb the costs of a major cyber-attack. 

However, it is important to note that having a cyber insurance policy does not make a company invulnerable to cybercrime and the subsequent reputational damage. It may also not be a decisive factor for investors or analysts when evaluating a company’s overall value, as there are many other factors that may be considered. Therefore, a company should also have good cybersecurity practices and policies and incident response plans to decrease the risk of cybercrime and its impact. The company’s management must also be able to adequately communicate their cybersecurity posture to its stakeholders.  

We are progressively seeing our clients offset increased cybersecurity costs by reviewing and reducing costs in other IT areas, particularly cloud computing. Private equity firms are directing their portfolio companies to reduce public cloud costs to improve valuations through two key levers. Many portfolio companies are signing long-term discount agreements and building new cloud operating models to proactively track and optimize cloud costs on a real-time basis. PE firms are also encouraging their portfolio company CIOs to build a strong business case for a move to the public cloud, instead of an automatic assumption that public “cloud” equals cost savings. As an example, latency-dependent or data intensive workloads have a longer ROI before realizing cost savings in the public cloud. Private cloud options are available, but can be cost-prohibitive and have other issues in this realm.  

How MorganFranklin Can Help 

If you are seeking assistance in creating a strong cybersecurity program for your organization, optimizing your public cloud costs, and understanding the impact of cybersecurity on your company’s potential valuation, reach out to MorganFranklin Consulting for expert help! 

Talk to one of our experts today.