Investors are taking serious note of data security breaches in start-up ventures. Some have gone to the extent of asking experts to conduct a 'stress test' on cyber defenses and the framework of companies in the pre-investment phase. Many are treating security of data as one parameter for investment, apart from metrics such as the business opportunity and its scalability, and the quality of the founding team.
"Investors take security breaches very seriously, as it highlights the vulnerabilities which can impact the core pillars of businesses," notes Mukul Shrivastava, partner, fraud investigation & dispute services, EY. In cases where customer data gets leaked, it reduces confidence in the business operations and makes the company susceptible to customer action, he adds. Some investors say any data security breach in an e-commerce venture is a reflection on the management capabilities of the founders.
Hemant Kanakia, member-investor, Indian Angel Network, feels early-stage investors are also getting sensitised to the issue. "I would probably not invest in a company that has had a cyber security breach. The reputation risks are high if there are plans to take the company global," says Kanakia, who has invested in about 15 start-ups over close to three years.
Hacking and data breach incidents are on the rise in India. The latest is with Gaana.com, part of Times Internet, a music download start-up which has built a user base of over 10 million. Last month, a Lahore-based white hat hacker (internet slang for an ethical hacker or computer security expert, who specialises in testing to ensure the security of an information system) performed an exploit of this kind. The situation was brought under control several hours after the breach happened but Times Internet's chief executive, Satyan Gajwani, had to himself step in.
Investors like Gajwani and Kanakia say as more companies employ cloud-based solutions for business operations, security will become a critical component of their strategy. In a blog post last month, Ronald Zibelli Jr, senior portfolio manager, Oppenheimer Funds, made a case for investment in cyber crime fighters, explaining how there was "an escalating number of high-profile computer hacking attacks and cyber security breaches, each more troubling and serious than the last".
Beyond lone rangers
A recent PwC survey found the number of detected information security incidents grew 48 per cent in 2014, compared with 2013, to 42.8 million. More disturbing, the attacks increasingly are coming not only from individuals or organised crime rings but from well-funded groups sponsored by nation states. In fact, those types of attacks were up 86 per cent in 2014 from a year before, making government-backed attacks the fastest growing threat to companies' proprietary data. According to technology research and advise firm IDC, global spending on information technology security exceeds $15 billion a year and is expected to be nearly $20 bn by 2017.
EY's Srivastava notes a rising number of cases where the perpetrators are employees of a company. "It is not mandated by any law or statute to disclose cyber breaches in India. In many developed economies, it is mandatory for companies to disclose cyber breaches to customers and shareholders," he added.
In November last year, one of the worst hack attacks in the world was reported by Sony Entertainment, which saw some of its systems becoming inoperable.