Independant. Dynamic. Involved.

Put Cyber on the Corporate Balance Sheet

By Peter Rietveld.

Uber, the world’s largest taxi company, owns no vehicles. Facebook, the world’s most popular media owner, creates no content. Alibaba, the most valuable retailer, has no inventory. And Airbnb, the world’s largest accommodation provider, owns no real estate”

These words from Tom Goodwin[1] went viral, as a powerful image of the disruptive force coming from the newest internet era Enterprises. No one can compete with a company with so little costs, so the traditional enterprise is doomed.

A powerful image indeed.

The second part of the Tom Goodwin’s argument gathered much less attention: it states that “the interface layer is where all the value and profit is” and  “the Internet age means building things is nothing other than code”.  This part is overlooked with good reasons, as its message is not as strong as it should have been.

What is missing is that the production means of today are not on the balance sheet. But they do exist. And they must be added to the balance sheet.

Corporate assets that are not on the balance sheet, will be overlooked. They will not be maintained, valued, nourished or protected. This makes the new empires highly vulnerable.  These new commercial empires may by this oversight crumble as fast as they were established.

They omit their prime production factors from their balance sheet: the Digital Infrastructure and the Information, specifically the Trust in them. Trust is the protection of customer privacy and the protection against cybercrime.  Trust is the reliability of the information you present – be it products, delivery times or user reviews. Trust is in the reliability of the entire process including your supply chain – digital and non-digital. This includes the tracking and tracing of the transport company, the social authentication mechanism and the payment provider you use. This even includes standard internet services as DNS and standards as SSL. The bottom line is that trust is what your customers think of you. When the trust in you evaporates, so will your enterprise.

The digital infrastructure is mostly overlooked as it is the public internet and the apps on private devices. The biggest part is not in your datacentre nor outsourced – it is the public internet itself. That appears to be free and hence is non-existent from the CFO perspective. Yet this part is very real and it is vulnerable. It needs to be protected and that requires an active role as threats change at a rapid and increasing pace. Someone has to pay these costs. And it is rarely done as it is spending money protecting something that is not tangible or worse still, as something that doesn’t seem to exist.

With the omission of the prime production factor from the balance sheet enterprises today take a huge risk. By adding public infrastructure, information, information systems and code to the corporate balance sheet, just as buildings, knowledge and machines, the balance can be redressed. Then normal risk management practices can be applied to the digital world as they are in the traditional world. Organizations currently struggling with cyber security will finally have a solid footing. This is the critical step in making cyber security mature.