Last October, The North Face joined the long list of brands and retailers that have been hacked. In fact, hackers are increasingly targeting retailers, for two reasons. First, because retailers are collecting extremely valuable personal information (known as personally identifiable information – or “PII”) from shoppers. And two, because retailers as a group are often not particularly tech-savvy, and so can be easier to hack than, for example, Facebook or Apple.
Cybersecurity is interesting in that if a business does it well, they never have to worry about it. Through luck or because they’re too small for hackers to bother with, many small businesses can get away with subpar cybersecurity. So many retailers don’t invest in it at all, and even so don’t have any problems for years. Then, one day, they wake up to the news that hackers have stolen all of the credit card information of their customers.
For this reason, a business offering cybersecurity services to retailers can be a hard business to run. While they are selling a valuable service that every company with any online presence needs, they don’t add anything to the topline revenue of a company. So it can be difficult for these businesses to differentiate themselves from one another, especially to less technical customers. Cybersecurity companies also need to hire highly specialized researchers who are able to keep up with the latest cybersecurity research and hacks, which can be extremely expensive. These two facts mean that it can be difficult for retailers to discern which cybersecurity companies actually have the best products, since the incentive for the company is to spend money on a flashy, well-marketed product instead of expensive researchers which may or may not help sales.
There is a need in the market for a cybersecurity product that aligns the incentives of the vendor and the customer. I believe that the solution lies in a different business model than the traditional startup product: insurance. In fact, the insurance model offers a lot of positives for this kind of business. For one, the cybersecurity company with the best product and best researchers can actually offer the cheapest premiums, because they can be more confident they won’t have to pay out as frequently. And companies can mitigate risk from retailers who are not internally following good cybersecurity practices by charging them a higher premium.
It’s possible that the next big startup in the cybersecurity space will be structured like an insurance company. Or maybe one of the big insurance companies will realize the huge opportunity in this space, and offer a solution themselves. Either way, I’m confident that we will see a solution to the hacker problem, and we’ll soon be able to buy North Face jackets without worrying.