You are here: Home » Companies » News
Business Standard

Cyber breaches catch investor attention

Information security has become the new critical parameter for those putting money into tech start-ups, for good reason

N Sundaresha Subramanian & Sudipto Dey  |  New Delhi 

Investors are taking serious note of data security breaches in start-up ventures. Some have gone to the extent of asking experts to conduct a 'stress test' on cyber defenses and the framework of in the pre-investment phase. Many are treating security of data as one parameter for investment, apart from metrics such as the business opportunity and its scalability, and the quality of the founding team.

"Investors take security breaches very seriously, as it highlights the vulnerabilities which can impact the core pillars of businesses," notes Mukul Shrivastava, partner, fraud investigation & dispute services, EY. In cases where customer data gets leaked, it reduces confidence in the business operations and makes the company susceptible to customer action, he adds. Some investors say any data security breach in an e-commerce venture is a reflection on the management capabilities of the founders.

Hemant Kanakia, member-investor, Indian Angel Network, feels early-stage investors are also getting sensitised to the issue. "I would probably not invest in a company that has had a cyber security breach. The reputation risks are high if there are plans to take the company global," says Kanakia, who has invested in about 15 start-ups over close to three years.

Rising issue
Hacking and data breach incidents are on the rise in India. The latest is with, part of Times Internet, a music download start-up which has built a user base of over 10 million. Last month, a Lahore-based white hat hacker (internet slang for an ethical hacker or computer security expert, who specialises in testing to ensure the security of an information system) performed an exploit of this kind. The situation was brought under control several hours after the breach happened but Times Internet's chief executive, Satyan Gajwani, had to himself step in.

Gajwani, whose firm is also an investor in many tech start-ups, said they were fortunate that no sensitive information was leaked or even accessed. The key lessons he drew: "First and foremost, all our businesses have raised security as a top priority. We're strengthening our security team to continuously test and check our practices." Further, the group is creating in-house expertise on information security and plans to ensure "those learnings and capabilities are available to all investee companies", he adds.

Investors like Gajwani and Kanakia say as more employ cloud-based solutions for business operations, security will become a critical component of their strategy. In a blog post last month, Ronald Zibelli Jr, senior portfolio manager, Oppenheimer Funds, made a case for investment in cyber crime fighters, explaining how there was "an escalating number of high-profile computer hacking attacks and cyber security breaches, each more troubling and serious than the last".

Beyond lone rangers
A recent PwC survey found the number of detected information security incidents grew 48 per cent in 2014, compared with 2013, to 42.8 million. More disturbing, the attacks increasingly are coming not only from individuals or organised crime rings but from well-funded groups sponsored by nation states. In fact, those types of attacks were up 86 per cent in 2014 from a year before, making government-backed attacks the fastest growing threat to companies' proprietary data. According to technology research and advise firm IDC, global spending on information technology security exceeds $15 billion a year and is expected to be nearly $20 bn by 2017.

EY's Srivastava notes a rising number of cases where the perpetrators are employees of a company. "It is not mandated by any law or statute to disclose cyber breaches in India. In many developed economies, it is mandatory for to disclose cyber breaches to customers and shareholders," he added.

In November last year, one of the worst hack attacks in the world was reported by Sony Entertainment, which saw some of its systems becoming inoperable.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

First Published: Thu, June 04 2015. 00:30 IST