“If you’re investing in a more mature health technology or financial technology company, you’re going to bring in a subject matter expert to perform a deeper level of technical diligence.”

• One factor that determines the level of evaluation is exposure, which is often a function of business maturity. In an early stage investment, there is less exposure. As the business scales and becomes more mature, however, you need to bring in third parties to evaluate security risk.
• The results of any security assessment provide guidance for subsequent RM practices. Investors can look at that and see which security measures the management team needs to implement in preparation for scaling the business.

“We know what effective security policies and procedures look like, and
we can ask the right questions.”

For Oron Strauss, managing partner at MOST Ventures, LLC, a company that provides capital and operational expertise to businesses in multiple industries, cyber risk is an important investment consideration. He says, “With technology driving so many aspects of business, the importance of assessing the cyber risk of any business in which you’re looking to invest is only going to grow.”
When evaluating investment risk, the core investment thesis always comes first: The business makes sense and fits basic investment criteria. Once the investor gets past that criterion, cyber risk is a key element of risk management (RM) evaluation. The importance of cyber risk is relative to the type of business. Strauss explains: “Cyber risk will have a higher priority if the business has important and potentially vulnerable intellectual property or is data driven (for example, a high-visibility consumer business). If you’re looking at a business with ties to national security, a strong cybersecurity policy is absolutely necessary for growing the business.”
When Strauss and his partners evaluate cyber risk, they look at key factors related to data and intellectual property to understand what is actually at risk, the processes used to protect those assets, and any vulnerabilities that may exist.

This is an excerpt from 7 Experts on Evaluating and Managing Cyber Risk for Investors.  This eBook was generously sponsored by BlueVoyant.