Cyberattacks are one of the world's most pressing concerns. In fact, they were ranked among the top ten risks in the World Economic Forum's Global Risk Reports for 2020 and 2021. 1 According to the reports, cybercrime-as-a-service is becoming more affordable, accessible, and sophisticated. Though previously regarded as a technological issue,
cybersecurity is now a growing ESG concern for private companies, investors, regulators, and consumers.
Why cybersecurity is material for private companies
Cyberattacks are significant issues for both private and public companies because they increase the risk of exposing confidential company information or sensitive customer data, disrupting supply chains, increasing regulatory scrutiny, and/or causing reputational harm. In 2021, the average cost of a data breach (including ransom payments and customer compensation) was $4.24 million per incident (the highest level in 17 years),8 and the global cost of cybercrime is expected to be $10.5 trillion annually by 2025. 9 Companies with marketable client or intellectual property information face increased financial risk as a result of the impact that data has on both their value and brand loyalty. Furthermore, firms that rely heavily on real-time operations can expect high per-minute costs of lost opportunity and revenue if a denial-of-service (DoS) attack occurs.
As a result, while some attacks may result in no direct material loss, these risks can have a significant impact on a company's valuation by influencing brand perception and operating costs.
Private companies should consider these potential risks when
evaluating cybersecurity investments, as underspending can significantly increase long-term costs.
Cybersecurity is a widespread and rapidly growing issue that has significant material impacts on private companies. These risks are especially relevant as private companies prepare to enter public markets, where strict oversight controls are regarded as good governance. Companies, in our opinion, must have the necessary expertise and infrastructure to navigate these significant risks and the corresponding increase in regulation and disclosure expectations.