Leftronic reports that only 8 percent of U.S. households owned a computer in 1984. Business entrepreneurs of the 1980s and '90s had few concerns about cybersecurity

Many business leaders of the '80s and '90s are the Boomers of today, and many Boomers of today are preparing to retire. According to AARP, more than 10,000 Boomers reach retirement age in the United States every day. 

The California Association of Business Brokers reports that Boomer-held businesses represent more than $10 trillion in assets, and that more than 12 million businesses will change hands in the next 10-15 years. 

Amid this shifting landscape, business owners and sellers, especially those who did not grow up in the digital age, should consider the impact a robust IT infrastructure can have on the businesses one desires to protect or sell.

The Risk

Parachute IT Solutions reports that cybercrime costs Americans more than $1 trillion annually. Larger businesses and businesses that have remote workers in their employ are desirable targets for cybercriminals.

IT security plays an important role in how a business is valued and performs on the seller's market. It is reported that less than 5 percent of sellers walk away with substantial net profit. The astute will look for ways to differentiate their business by mitigating risk factors and providing what top (next-generation) buyers expect in the businesses they purchase. Proper cybersecurity protocols are near the top of the list.

More and more, potential buyers use the cybersecurity threat level as a matrix in determining the value of a business. It is not rare for a poor IT infrastructure to be assigned a value, and for that value to be subtracted from the offered purchase price.

Next Steps

  • Consider connecting with a cyber-insurance or IT specialist to make an assessment and share recommendations regarding your IT-related risk and needs. Gartner IT Solutions recommends that 1.5 percent to 3.5 percent of your revenue should be invested in IT infrastructure.
  • Establish a plan to address the following:
  1. Every computer and user accessing business data should be accounted for each month. IP addresses and log-in passwords should be verified against the business's authorized list.
  2. Every computer accessing business data should have an encrypted hard drive, protected passwords, and current, licensed antivirus software complying with industry-recommended performance standards.
  3. Your business should have a practical plan to monitor equipment and protocols and to quickly address IT issues. 
  4. Several employees should be trained and able to monitor and address most IT issues, or you should contract with a company that guarantees prompt service. For example, Jim Lambert, founding partner of DivergeIT, offers what he calls, a "Rule of One" service plan whereby "problems are identified within one minute, managed by one person, and resolved within one hour." 

Top Mistakes Business Owners Make Regarding IT Issues

  • Underestimating the risk. Most business owners report that computers associated with their organization are properly protected with antivirus software. However, experts note that 94 percent of businesses have at least one computer with no, weak, dated, or expired antivirus software accessing their data. As Thomas Reid, 18th century philosopher and founder of the Scottish School of Common Sense, said, "A chain is only as strong as its weakest link."
  • Not investigating cyber-insurance needs and benefits. Working with a pro to provide you with a detailed risk assessment and action plan can guard your investment and reputation, minimize IT problems and downtime, and potentially save money for those who find they were over-insured.
  • Not fulfilling owner responsibilities detailed in a cybersecurity service or insurance plan. For example, if your coverage states you will be covered in the event of a breach if the computer that was compromised was authorized and up to date on antivirus software and licensing, it is the business owner's responsibility to ensure that all computers accessing business data are authorized and properly software equipped.
  • Viewing extra security steps as time lost or wasted. It is true that higher security protocols (such as multiple sign-in authentications) translate to a longer log-in process, which is not always user-friendly for small mobile devices. However, the minimal inconvenience should be thought of as a small price to pay to protect your business's uninterrupted operation, reputation, and financial security. 
  • Viewing an IT audit as a one-and-done protocol. Verifying the integrity of your IT-related protocols and working to remain in compliance with insurance policy stipulations should be viewed as an ongoing process.

The more that tech is involved in your business, the higher the risk. In today's business world, operating with industry-recommended IT protocols and services is more of a requisite than a recommendation. Stephane Nappo, Global Head of Information Security for Société Générale International Banking, warns, "It takes 20 years to build a reputation, and a few minutes of cyber-incident to ruin it."

For more on valuation, see Veristrat, or my YouTube channel.