Insights & News

Government Contracting: How Cybersecurity Can Impact Your Valuation


Cyber security is a constantly evolving subject matter for businesses. Like the computer viruses that are generally associated with the term, the issue itself has proven infectious for corporations both in its reach and impact as it grows over time.

Many organizations have learned the hard way that it is also a very costly subject matter. A study produced by IBM and the Ponemon Institute suggests that the average cost of fixing or resolving a data breach in 2015 was more than $3.75 million. That number is only expected to grow.

The Effects of Cyber Security Attacks

The increasing level of connectivity has served as perhaps the predominate economic theme of the past quarter century. It has also created substantial new risk to the security of sensitive information. Moore’s Law of Computing states that overall processing power for computers will double every two years.  Newton’s third law of motion states that for every action, there is an equal and opposite reaction. Combine the two theories together and you have a pretty good explanation of the future impact of cyber security on businesses.

Advances in technology will yield new and superior tools for cyber security protection. The strength and sophistication of these tools may provide companies with greater comfort in their cyber security measures. This has historically resulted in entrusting digital tools with more responsibilities for data protection. Ones that would otherwise have a larger level of manual security involved.

However, Moore’s theory on advances in technology does not apply unilaterally to forces of good. The future versions of yesterday’s data breaches will benefit equally from advancements in technology. The primary difference is that even more sensitive information will be available to hackers’ fingertips upon infiltration.

Essentially, as businesses become more dependent on the latest cyber security software, it will become increasingly difficult to protect against equally advanced hackers and cyber security attacks. In turn, companies will continue to need to invest more money towards preventing and resolving attacks through technology, legal and insurance costs.

How does Cyber Security Affect a Valuation?

Cyber security issues can be fairly plain to see within a company’s financials.

This is especially the case for companies who have experienced some type of data breach. The financial fallout can be directly measured by increases in legal, insurance and technology costs all of which increase overhead. Sometimes, it may represent the need for a valuation discount wherein a breach became a client relations or reputation management issue that created a stigma for the company in the marketplace.

In other cases, it can be seen in a disproportionate amount of cyber security expenses for a company relative to its peers. An important part of the fair market valuation process is predicated upon determining tangible risks or liabilities for a business. A discount in valuation might be warranted for a company that has been determined to have forgone industry standards for data security subjecting it to unnecessary risks.

Cyber Security Risks Based on Industry

While cyber security is somewhat universal in its growing importance, it is however somewhat disproportionate in terms of how it may be considered in a valuation based on industry.

The consideration of cyber security issues for a local retail shop are certainly dwarfed in comparison to that of a local bank. That theory can be demonstrated at a more macro level when considering the differences in implications and cost for the very similar hacks endured by Target and JPMorgan Chase in 2014. Target announced the costs of the hack at $148 million. JPMorgan Chase never released an official figure, however did announce it would invest more than $250 million alone in new cyber security system improvements. Reports estimated the actual cost in the billions of dollars.

For valuation, the consideration is largely related to the extent and volume of ways that a company’s earning potential could be hindered by cyber security issues. It plays a more serious role wherein an industry is more centrally dependent on the management or access of sensitive information. Especially when that information could be viewed as particularly valuable to hackers.

Government Contractors Near the Top of the List

Few industries carry the same level of risk for cyber security as that of government contractors. As a result, the consideration of cyber security can be particularly large in terms of valuation.

Government contractors rank alongside the financial sector as the most frequently targeted and attacked organizations in the world. These companies are often the most susceptible to cyber security attacks due to the nature of the work being so inherently involved with highly sensitive information, the need to store classified data, as well as the volume of personnel with high level security access. That is basically the perfect recipe for hackers when targeting organizations.

The cyber security consideration is important not only for the potential immediate financial risks associated with things like repairs and litigation, but also because of the disproportionate ways it can affect a company long term.  The vast majority of the value of a contractor is intangible assets.  Beyond the value of contracts, interested buyers may be willing to pay a premium for certain contractors related to the intellectual property and know-how of its workforce.  If clearances and sensitive data are compromised, buyers may require a significant discount or simply lose interest.  Additionally, in the case of a hyper competitive  industry such as government contracting, having a “Scarlett Letter” in the form of a previous cyber security issue can be an instant rejection or unfortunate tie-breaker when weighing organizations competing for the same contract. That is a reality that a valuation analyst is forced to consider when calculating worth.

With decades of experience in performing business valuations within government contracting sectors, the valuation analysts at Patuxent Valuation Group have extensive familiarity working with government contractors of all sizes to fulfill their valuation needs. To learn more about the effect that cyber security can have on your valuation, please contact Patrick Lowry at or 410-418-9290.

For more information

Please visit our Contact Us page and drop us a line. One of our seasoned professionals will respond to your request as soon as possible.