SecureState Blog

Read SecureState's award winning blog.

Kickstarter’s Data Breach Raises a Larger Investment Strategy Issue

If you follow the start-up industry, specifically crowd-funding, you may have noticed that was breached.

In a letter sent out to their customers, Kickstarter stated,

“While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computingkickstarter-hackerpower to guess and crack an encrypted password, particularly a weak or obvious one.”

While Kickstarter is basically “crowd donations” rather than crowd funding, in that no equity is ever exchanged for money donated, their data breach raises an important topic for actual equity investors.


Why you (investors) should care

It’s just another breach in a long line of companies that didn’t spend the time and resources to protect data. Users should just change their password and move on, right? Not exactly. There may be a deeper issue than just poor security at play and it may affect more than just the crowd-funding crowd.

I am currently taking classes at Northwestern University Kellogg School of Management for my Executive Master of Business Administration (EMBA). One of the classes I am taking this quarter is Venture Capital Structures and Start-ups. The class covers types of funding, funding structures, due diligence and exit strategies.

One thing that struck me as odd was the lack of security awareness or interest investors have around the company or idea they are funding. This is a serious blind spot for investors, because security can negatively affect the likelihood of a start-up’s success.


First, let’s start from the beginning 

You have an idea, you’re ready to take that idea to market by starting a company, but you need funding to get started. Most people will turn to seed funding, where an investor will typically give you $25 – $100k. This then opens up to rounds, or series of funding, starting with series A, then B and so on and so forth. That seed money is used for infrastructure, hiring, development, or whatever else is needed to get an idea off the ground.

Once the idea is somewhat established, you may look for Angel investors to provide more funding (there are various funding sources, so for simplicity let’s just use Angel investors). At each subsequent series, the risk for investment goes down (probability of failure), but the amount of money invested goes up.

Depicted by the graph below, this is true up until Series B. At this point, security can start to have an adverse effect on the probability of the start-up succeeding (as I stated earlier).

Basically, if the start-up gets breached and loses data, intellectual property (IP), or worse, adversely effects investor confidence, the return on future earnings falls dramatically.



Secure your investments

If you are an investor reading this and thinking of funding a start-up, think about your return on your investment as it relates to security. Is your investment secure? Chances are you are making investments with a considerable downside risk that you may not even be aware of.

If you are a start-up, and you have received outside funding, I am sure you have diluted your shares significantly. Thus the payout or exit strategy for the co-founders is either an Initial Public Offering (IPO) or purchase by a larger organization. A security breach can turn this exit strategy into a fire sale. Next time you get funding, think of making an investment into the security of the start-up. It will have a positive return on investment (ROI) and bolster investor confidence. Your competition isn’t thinking about security. You should be.