A Q&A with Rob Chiang of Navigant Consulting
When a company loses valuable R&D data during a breach incident, that loss or value must be calculated for financial and legal purposes. I asked Rob Chiang, leader of the Intellectual Property valuation practice at Navigant Consulting, about the valuation process, and how he determines the value of lost data.
What are the valuation methods you use?
There are generally three main valuation approaches:
- Income Approach. This approach is based on the future cash flows that the business or asset is expected to generate going forward.
- Market Approach. This approach is based on prices paid in transactions involving similar businesses or assets.
- Cost Approach. This approach is based on the principle of replacement/substitution, or what it would cost to replace the asset or business.
For technology or R&D, the Income Approach is usually the most appropriate since it’s based specifically on future cash flows associated with the asset. The Market Approach should also be considered although it is generally difficult to find comparables in the market, especially when you’re talking about something that is unique or innovative like R&D. In addition, information regarding specific market transactions is usually confidential so it can be difficult to get the details of the transaction. The Cost Approach is sometimes considered but cost does not always translate into value. Just because you’ve put a lot of money into an R&D project doesn’t mean you will earn an adequate return in cash flow.
Can you explain how you might value an R&D loss, as in the case of hackers from a foreign nation-state?
When hackers come in and steal IP, clients come to me to learn what that IP is worth on its own or what profits they might have lost due to the theft. Accordingly, we can assist in estimating the IP’s overall value or estimating a component of that value (lost profits). In most cases, we will work with the client to develop the valuation model based on future cash projections, sales, profits, market industry research, and the background of the technology or asset in question. Of course, the clients usually know their products better than anyone else, so I generally need their input. In our projects, we generally deliver a full valuation report with detailed exhibits from the valuation model , but we can provide whatever the client needs and wants. Usually the valuation model is income-based and is flexible enough to run various sensitivities and scenarios in order to identify which variables have the greatest impact on value.
What issues or disputes might arise in the valuation process?
As I mentioned previously, the Income Approach is based on financial projections – which are based on assumptions for future sales, costs and profits associated with the asset or business. Therefore, the biggest issue or dispute generally pertains to the assumptions that are incorporated into the valuation model. These assumptions must be reasonable and supportable based on available market, industry, and historical information. Supporting these assumptions can be even more challenging with R&D projects and new technologies which don’t have the history of sales and profits for support.
In summary…
Theft of intellectual property, especially trade secrets, is arguably one of the leading cyber risk threats facing businesses and research organizations. Our hope is to someday convince our insurance carrier partners to cover this exposure – especially the first-party loss (diminished valuation or revenue) due to theft. Ceding this risk exposure via expanded cyber risk coverage is challenging for most insurers right now, primarily because of a lack of actuarial data on losses, and because of concerns about proactive valuation methods such as those outlined by Mr. Chiang. Another important topic here, of course, is developing an upfront safeguarding and protection strategy for the IP, which is crucial. For this topic, we urge you to read the July 2013 related Junto blog interview with Marshall Heilman of Mandiant.
