CFO Perspective: Undervaluing Cybersecurity

Dateline: November 17, 2017

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

For the past couple of blogs, we have been focused on the CFO’s role in cybersecurity.   In this week’s Friday WRAP, we share an article from which published an opinion piece about viewing cybersecurity as a valuation issue.  The article, Why Cybersecurity is Finanically Undervalued, presents the need to rethink cybersecurity:

Securing corporate America is not a technology problem. Instead, shareholders need to value cybersecurity and begin to punish poor performance.

Further, the author, Kevin Magee, a global security analyst at Gigamon, suggests,

Unfortunately, there’s little market incentive for executives to take their focus off of growth and profits to worry about breaches. That’s true because, even though hundreds of millions or billions of customers may be affected, their companies’ stock prices during and after the disclosure of high profile-data breaches may decrease only slightly and often a quickly recover.


To even begin to place a proper value on cybersecurity, CFOs need to start asking some hard questions:

  • What are the company’s most valuable digital assets?
  • Where are they are physically located, and who owns the hardware they’re stored on?
  • Do you have a means of understanding and communicating what they are actually worth?
  • Who has access to them and how is access controlled?
  • How financially damaging would it be if they were hijacked or stolen or if the company was completely denied access to them?
  • If your company was hit with a catastrophic attack that shut down its most vital operations down for a few weeks, perhaps a month, how would you recover?
  • Would your company even continue to exist?

How can your company begin to calculate valuation of a cybersecurity program?

That’s a WRAP!  Have a great weekend!

Speak Your Mind