What Do Cybersecurity, Brown M&M’s & Credit Ratings Have in Common?

Eddie Van HalenOf all the examples of pompous extravagance the legendary rock band Van Halen exemplified, one that has always stood out was the band’s contractual requirement that the dressing room has M&M’s — but warned there were to be no brown M&M’s. If any were there, the band had the right to cancel the concert at the full expense of the promoter (see No Brown M&M’s).

Only recently did the band reveal the real reason for this requirement. It was their canary in the coal mine to alert them to major problems.

No Brown M&M's

Van Halen wasn’t just playing music, they were putting on a massive stage show that involved filling venues with equipment they were never intended to handle. This posed a significant safety concern for the public as well as the band. To mitigate against this risk, Van Halen’s contract spelled out in precise detail the technical requirements for how the stage, lighting, and other equipment were to be assembled. Hence, the reason for the No Brown M&M’s Clause:

To ensure the promoter had read every single word in the contract, the band created the “no brown M&M’s” clause. It was a canary in a coalmine to indicate that the promoter may have not paid attention to other more important parts of the rider, and that there could be other bigger problems at hand (see No Brown M&M’s).

Cybersecurity Risks & Credit Ratings

A few weeks ago, Moody’s announced that it will begin to place more weight on a company’s cybersecurity risks when issuing its credit ratings.  (see Moody’s).

The report is the latest indicator that it has becoming increasingly important that companies view cybersecurity in financial terms, not simply in terms of reputational risk.

“More cyber security expertise is being added to boards and trustee governance,” said associate managing director Jim Hempstead, in a release. “We expect many issuers will create distinct cyber security subcommittees, which is a material credit positive.”

S&P issued a similar warning in September, stating that it would downgrade credit ratings of financial institutions that have poor cybersecurity protections.

Good for Moody’s and S&P!

Think about it. For today’s companies, their cybersecurity posture is that canary in the coal mine — the brown M&M’s — that will either indicate that the company is carefully focusing on its business or is run in a haphazard manner.

Cybersecurity should be used to evaluate credit ratings as well as other aspects of the company. This is good for everybody — especially for companies that are keeping their cybersecurity house in order. It will give them a distinct competitive advantage in the future as more and more become attuned to just how bad cybersecurity risk can be.

So, what do cybersecurity, brown M&M’s and credit ratings have in common? They’re all an indication of the kind of company that others want to do business with; ultimately, they mean increased competitiveness.

(Disclaimer: I am more of a Van Hagar fan than a Van Halen fan)

One thought on “What Do Cybersecurity, Brown M&M’s & Credit Ratings Have in Common?

This site uses Akismet to reduce spam. Learn how your comment data is processed.