Buying or investing in a company without undertaking cyber diligence is like signing a mortgage without doing a proper home inspection: significant value can disappear before the ink is even dry, and unseen problems can emerge years later, resulting in unexpected costs or material disruptions.

Cyber attacks threaten the competitiveness and value of companies of all sizes and across all sectors, from real estate to retail, and from pharmaceuticals to food services. Estimates of the cost of cyber crime to the United Kingdom range between £18bn and £27bn. The total cost to the US economy of intellectual property (IP) theft alone has been estimated at $300bn per year, or the equivalent in value to America’s total annual exports to Asia, according to the recent IP Commission Report.

In some cases, disruptions and costs are easy to see, for example when Distributed Denial of Service (DDoS) attacks in late 2012 and early 2013 stopped customers from accessing banks’ websites, or when payments processor Global Payments Inc. accumulated losses of nearly $100m after a breach involving personally identifiable information (e.g., customers’ credit card numbers).

In other cases, costs may be harder to see but can be even more dire. Consider the case of American Superconductor Corp. (AMSC), a Massachusetts-based energy technology company. AMSC enjoyed a productive partnership with Sinovel, a Chinese wind turbine manufacturer that was AMSC’s largest customer, until March 2011, when Sinovel – already behind on some payments – unexpectedly rejected a shipment of AMSC electronic components worth $70m. As AMSC executives struggled to understand the sudden change in the relationship, the company announced that it was significantly adjusting revenue expectations because of Sinovel’s actions; its stock dropped 40 percent in one day and 84 percent in a few months.

Jan-Mar 2014 Issue

Good Harbor Security Risk Management