Data is like Oil….Sort Of

Posted on : 30-09-2015 | By : Jack.Rawden | In : Data

Tags: , , , ,

0

  • We are completely dependent upon it to go about our daily lives
  • It is difficult and expensive to locate and extract and vast tracts of it are currently inaccessible.
  • As technology improves we are able to obtain more of it but the demand constantly outpaces supply.
  • The raw material is not worth much and it is the processing which provides the value, fuels & plastics in the case of oil and business intelligence from data.
  • It lubricates the running of an organisation in the same way as oil does for a car.
  • The key difference between oil and data is that the supply of data is increasing at an ever faster rate whilst the amount of oil is fixed.

So how can data be valued and what exploration mechanisms are available to exploit this asset?

The recent prediction that Google will be the first company to hit the $1 Trillion Market Cap is a good place to start to identify the value of data.  Yes, they have multiple investments in other markets, but the backbone of the organisation is the ability to capture and utilise data effectively. Another similarity is the valuation of Facebook at $86 dollars a share and ~$230B market cap with tangible (accounts friendly) assets of around $45B.  The added value is Data.

This highlights that calculating a company’s data worth or value is now integral in working out the valuation of an organisation. The economic value of a firm’s information assets has recently been termed ‘data equity’ and a new economics discipline, Infonomics, is emerging to provide a structure and foundation of measuring value in data.

 

The value and so price of organisations could radically alter as the value of its data becomes more transparent. Data equity will at some point be added to the balance sheet of established firms potentially significantly affecting the share price – think about Dun & Bradstreet, the business intelligence service – they have vast amounts of information on businesses and individuals which is sold to help organisations make decisions in terms of credit worthiness. Does the price of D&B reflect the value of that data? Probably not.

Organisations are starting appreciate the value locked up in their data and are utilising technologies to process and analyse the Big Data both within and external to them. These Big Data tools are like the geological maps and exploration platforms for the information world.

 

  • The volume of data is rising at an ever increasing rate
  • The velocity of that data rushing into and past organisations is accelerating
  • The variety of data has overwhelmed conventional indexing systems

 

Innovative technology and methods are improving the odds to finding and getting value from that data.

How can an organisation gain value from its data? What are forward thinking firms doing to invest and protect its data?

1. Agree a Common Language

Data is and does mean many things to different firms, departments and people. If there is no common understanding of what a ‘client’ or ‘sale’ or an ‘asset’ is then at the very least confusion will reign and most likely that poor business decisions will be made from the poor data.

This task is not to be underestimated. As organisations grow they build new functions with different thinking, they acquire or are bought themselves and the ‘standard’ definitions of what data means can change and blur. Getting a handle on organisation wide data definitions is a critical and complex set of tasks that need leadership and buy-in. Building a data fabric into an organisation is a thankless but necessary activity in order to achieve longer term value from the firm’s data.

 

2.Quality, Quality, Quality

The old adage of rubbish in, rubbish out still rings true. All organisations have multiple ‘golden sources’ of data often with legacy transformation and translation rules shunting the data between systems – if a new delivery mechanism is built it is often implemented by reverse engineering the existing feeds to make it the same rather than looking at the underlying data quality and logic. The potential for issues with one of the many consuming systems makes it too risky to do anything else. An alternative is to build a new feed for each new consumer system which de-risks the issue in one sense but builds a bewildering array of pipes crossing an organisation. With any organisation of size it is worth accepting that there will be multiple golden copies of data but the challenge is to make sure they are consistent and have quality checks built in. Reconciling sets of data across systems is great but doesn’t actually check if the data is correct, just that it matches another system….

3. Timeliness

Like most things, data has a time value. As one Chief Data Officer of a large bank recently commented ‘data has a half-life’ – the value decays over time and so ensuring the right data is in the correct place and the right time is essential and out of date/valueless data needs to be identified as such. For example; A correct prediction of tomorrow’s weather is useful, today’s weather is interesting and a report of yesterday’s weather has little value.

4. Organisational Culture

Large organisations are always ‘dealing’ with data problems and providing new solutions to improve data quality. Many large, expensive programmes have been started to solve ‘data’. Thinking about data needs to be more pervasive than that it needs to be part of the culture and fabric of the organisation. Thinking about data (accuracy, ownership, consistency, and time value) needs to be incorporated into organisations as part of the culture, articulating the value of data can help immensely with this.

5.Classification

Understanding what is important rather than having a blanket way of dealing with data is important. Some data doesn’t matter if it is wrong or not up to date because either not consumed (obvious question is – then why have it?) or irrelevant for process.  Other data is critical for a business to survive so a risk based approach to data quality needs to be used and data graded and classified on its value.

6. Data ownership

Someone needs to be accountable for and owner of data and data governance within an organisation. It does not mean that they have to manage each piece but they need to set the strategy and vision for data. More large organisations are now creating a Chief Data Officer role to ensure there is this ownership, strategy and discipline with regard to their data.

Data is the core of a business and there is a growing acknowledgement of its potential value.

As the ability to extract information and intelligence from data improves there will be some disruptive changes in the market value of firms that have the sort of data which can improve the organisations market share, profitability and potentially traded.

Companies that have huge amounts of information regarding their customers: banks, shops, telecoms firms will be well positioned to take advantage of this information if they can manage to organise and exploit it.

 

Caveat Emptor: The impact of poor cyber security in mergers & acquisitions

Posted on : 30-09-2015 | By : richard.gale | In : Cyber Security

Tags: , , , , , , ,

0

The Ashley Madison breach is now infamous in the world of cyber security as a stark warning of what can happen when hackers get hold your data.  The fallout from this incident has been far reaching and resulting in a failed IPO attempt to list on the London Stock Exchange and multi-million dollar class action lawsuits.  US retailer Target suffered another high profile breach where costs are said to have reached over $160 million and traffic to its site dropped by 23% over the following year. We can see how a breach can have a major impact on company financials in terms of profit and reputational damage.  How you would be feel if you were a new shareholder in Ashley Madison or your company had recently acquired Target?!

Cyber security should be part of any company risk profile and the M & A sector is no exception. However, more often than not this is not the case.  The prime purpose of a merger or acquisition is for the acquiring company to make a return on investment or add value to the existing company.  As cyber security can have a major financial impact it must be seen as a key risk indicator in the due diligence process.

It wasn’t that long ago that mergers and acquisition deals were conducted in a paper based room secured and locked down to only those with permitted access.  These days the process has moved on and is now mostly online, with the secure virtual data room being the norm. Awareness of cyber security in the information gathering part of the deal making process is well established. It is the awareness and need to look at the cyber security of the target company itself that needs to be addressed.  Technology due diligence is investigated but tends to focus on system compatibility and integration alone.

A study published by law firm Freshfields Bruckhaus Deringer found that 78 % of global respondents did not think that cyber security was analysed in great depth as part of the M&A due diligence due process, despite the fact that two thirds said that a cyber incident during the deal or discovery of a past breach during due diligence would significantly impact the transaction.

Deal makers acquiring must take assess the cyber risk of an organisation in the same way that it would assess overall financial risk. Due diligence is all about establishing the potential liabilities of the company you are taking on.  According to the Verizon Data Breach survey it takes an average of 205 days to discover a breach. Often companies are breached without ever knowing. It is therefore crucial to look at the cyber risk not just in terms of have they been breached but what is likelihood and impact of a breach.  An acquisition target company that looks good at the time of closing the deal may not look quite so good a few months later.

The main reason for this lack of importance given to the cyber threat is that M&A teams find it hard to quantify the cyber risk particularly given the time pressures involved.  A cyber risk assessment at the M&A stage would is crucial if the acquiring company wants to protect its investment. The ability to carry out this assessment and to quantify the business impact of a likely cyber breach with a monetary value is invaluable to deal makers. Broadgate’s ASSURITY Assessment provides this information in a concise, value specific way using business language to measure risks, likelihood and cost of resolution.

Conclusion

A cyber security assessment should be part of every M&A due diligence process. If you don’t know what you are acquiring in terms of intellectual property and cyber risk how can you can possibly know the true value of what you are acquiring!

Also crucial for all prospective sellers to demonstrate a serious proactive planned approach to cyber security when attempting to achieve the best price for their business.