What Do Cybersecurity, Brown M&M’s & Credit Ratings Have in Common?

Eddie Van HalenOf all the examples of pompous extravagance the legendary rock band Van Halen exemplified, one that has always stood out was the band’s contractual requirement that the dressing room to have M&M’s — but warned there were to be no brown M&M’s. If any were there, the band had the right to cancel the concert at the full of the promoter (see No Brown M&M’s).

Only recently did the band reveal the real reason for this requirement. It was their canary in the coal mine to alert them to major problems.

No Brown M&M's

Van Halen wasn’t just playing music, they were putting on a massive stage show that involved filling venues with equipment they were never intended to handle. This posed a significant safety concern for the public as well as the band. To mitigate against this risk, Van Halen’s contract spelled out in precise detail the technical requirements for how the stage, lighting, and other equipment were to be assembled. Hence, the reason for the No Brown M&M’s Clause:

To ensure the promoter had read every single word in the contract, the band created the “no brown M&M’s” clause. It was a canary in a coalmine to indicate that the promoter may have not paid attention to other more important parts of the rider, and that there could be other bigger problems at hand (seeNo Brown M&M’s).

Cybersecurity Risks & Credit Ratings

A few weeks ago, Moody’s announced that it will begin to place more weight on a company’s cybersecurity risks when issuing its credit ratings.  (see Moody’s).

The report is the latest indicator that it has becoming increasingly important that companies view cybersecurity in financial terms, not simply in terms of reputational risk.

“More cyber security expertise is being added to boards and trustee governance,” said associate managing director Jim Hempstead, in a release. “We expect many issuers will create distinct cyber security subcommittees, which is a material credit positive.”

S&P issued a similar warning in September, stating that it would downgrade credit ratings of financial institutions that have poor cybersecurity protections.

Good for Moody’s and S&P!

Think about it. For today’s companies, their cybersecurity posture is that canary in the coal mine — the brown M&M’s — that will either indicate that the company is carefully focusing on its business or is run in a haphazard manner.

Cybersecurity should be used to evaluate credit ratings as well as other aspects of the company. This is good for everybody — especially for companies that are keeping their cybersecurity house in order. It will give them a distinct competitive advantage in the future as more and more become attuned to just how bad cybersecurity risk can be.

So, what do cybersecurity, brown M&M’s and credit ratings have in common? They’re all an indication of the kind of company that others want to do business with; ultimately, they mean increased competitiveness.

(Disclaimer: I am more of a Van Hagar fan than a Van Halen fan)

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

One thought on “What Do Cybersecurity, Brown M&M’s & Credit Ratings Have in Common?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s