Chris Kim, Founder, UNION Labs

“The result of failing to meet the business hurdle and getting breached is the same. It’s basically a business killer.”

  • Determining cyber risk can range from a conversation with the engineering team and the chief technology officer to a full-blown security assessment by a third party. The route the company takes depends on the stage and industry it’s in.
  • A company’s attitude toward security says a lot about not only its cyber risk but its overall risk as an investment.

“I’m much more willing to trust a team that has acknowledged the risk and made an executive level, business oriented decision around where to place that risk.”

“We like to take a step back and consider cyber risk in the context of all the other risks a business is facing,” says Chris Kim, founder of UNION Labs, a deep technology venture fund that builds and backs early-stage startups. “We invest in early-stage companies, and at this point there are so many risks, including cyber risk, that can kill the business that the team is going to have to make some judicious decisions and balance trade-offs.”
When Kim and his partners evaluate an investment, they first determine whether the company has the right product for the market and can design, build, and ship the product on time. They also have to look at security risk. “The result of failing to meet the business hurdle and getting breached is the
same,” he says. “It’s basically a business killer.”
Investors and businesses can use a range of options to determine cyber risk, from conversations with the engineering team and the chief technology officer to a full-blown, third-party security assessment. The route you take typically depends on the stage and industry the company is in.

This is an excerpt from 7 Experts on Evaluating and Managing Cyber Risk for Investors.  This eBook was generously sponsored by BlueVoyant.