Advice For Investors: How To Assess Cybersecurity As A Competitve Advantage

Several of us at Pythia Cyber have consulted to hedge funds. The number 1 rule of platform management at a hedge fund is: don't lose money. Investors assessing whether to take a stake in a prospect need to ask sophisticated questions about how that prospect's executives have managed to manage cybersecurity risks against rewards to create competitive advantage. A company that is actively managing that balance is worth a capital investment.

It is said that business cases are money stories, and we agree. So let's ask about the cybersecurity business case:

• Does the company have a cybersecurity plan or strategy (e.g., NIST CSF)?
• How closely is the cybersecurity plan integrated into business operations?
• Who is responsible for managing the cybersecurity plan, and what is that person's reporting relationship to executive leaders?
• What balance have executives set between investments in cybersecurity (internal focus) relative to go-to-market (external focus) functions?

Cybersecurity is everyone's business. External actors engaging in spying or theft, internal actors ("insider threats") engaging in espionage or willful misuses of systems or materiel, or even facilities without adequate design -- all of these pose potential cybersecurity risks. Lost time, equipment, intellectual property, customer information, or money is costly in terms of cash or insurance. Executive teams need to increase revenue and market share, and they need to minimize loss. 

Companies that can balance both gain and cybersecurity risk are at a competitive advantage. Companies that cannot balance gain and cybersecurity risk are at a higher risk of losing money or failing to gain market share. Do you as an investor know how to assess that competitive advantage? Ask us how.