Question
Assume you are the CISO (Chief Information Security Officer) of ACE Co., considering the possibility of hiring a small company called Cyber Co. to provide
Assume you are the CISO (Chief Information Security Officer) of ACE Co., considering the possibility of hiring a small company called Cyber Co. to provide extra cybersecurity to your firm. Cyber Co. specializes in cybersecurity-related services. Cyber Co. is willing to give you a fixed three-year contract for $200,000 per year, assuming you sign the contract today. However, if ACE Co. wants to wait one year before deciding on whether to sign a contract for the external cybersecurity services, Cyber Co. tells you that it is willing to pre-commit to a fixed two-year contract for $300,000 per-year, starting one year from today. Ace Co. does not have to make the decision on the two-year contract until one year from today (i.e., next year, ACE is free to decline on accepting the pre-committed contract). If ACE Co. decides against hiring Cyber Co. after one-year, future negotiations with the company would have to start all over.
You estimate that the extra cybersecurity capability provided by contracting with Cyber Co. would save ACE Co. an expected amount of either $400,000 or $100,000 per year by preventing potential cybersecurity breaches. There is an equal likelihood (i.e., 50% probability) for each possible savings. Given your firm's operations, you believe that whatever happens in the first year related to cybersecurity breaches would be indicative of what would happen in the following two years. In other words, the cost savings derived from contracting for Cyber Co.'s cybersecurity services would be known with certainty by the end of the first year. Thus, by the end of the first year, ACE Co. would know if the extra cost savings were $400,000 or $100,000 from signing a contract with Cyber Co., and those savings would be the same for the following two years. When considering projects that last more than one year (i.e., like the one discussed above), your firm estimates its cost-of-capital (i.e., the discount rate used in computing the present value for money) to be 15%. Assume all future cash flows (i.e., the future cost savings are the future cash flows) occur at end of the year.
Question
The firm's CFO (Chief Financial Officer) asked you (the firm's CISO) to provide a written recommendation on whether to:
(1) forget about both the three-year and two-year contracts with Cyber Co. and just let the ACE Co. absorb the costs of any cybersecurity breaches,
(2) sign a three-year contract with Cyber Co. today, at a cost of $200,000 per year (with payment due at the end of each year), or
(3) wait a year and decide at that point whether or not to sign a two-year contract with Cyber Co., at a cost of $300,000 per year (with payment due at the end each of those years). (Show all numerical calculations to support your recommendation.)
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started