Are ROE, ROCE, ROA the Only Metrics for Investors?

Protecting Critical IT Assets Becomes More Important as Investors Look beyond Traditional Metrics

For any publicly traded company or a private organization, creating long-term shareholder value remains a top priority. When a company consistently creates value, it’s easier to attract investments both for the organic or inorganic growth.

Accordingly, the management always strive to improve key business metrics, which offer an exact picture of the fundamental strength of a company.

Traditionally, investors have focused on Return on Equity (ROE), Return on Capital Employed (ROCE), Return on Assets (ROA) and other such financial metrics. But in the data driven, digitalized world, these metrics only give a partial picture.

As a result, investors these days are looking beyond traditional metrics. They are looking at how companies protect their Critical IT assets. This hardly comes as a surprise.

In the recent years, a spate of high-profile data-breach incidents, involving Fortune 500 companies such as Target Corporation and Sony have raised questions over IT security issues. Compromised IT security systems allow hackers to steal highly sensitive data, which not only inflicts material financial losses and hurts productivity but also dents the brand image.

Besides, the regulatory and compliance landscape supporting the cybersecurity has also become more stringent across the world in the wake of a sharp increase in cyberattacks.

In Japan, although the legal framework supporting cybersecurity is one of the robust in the region (Basic Law on Cybersecurity, 2014 & State Secrets Law, 2013), the government is developing much stronger legislation on Cybersecurity Strategy, in the wake of recent cyberattacks, especially involving theft of personal data. In the Philippines, The sec. 4 of the Cybercrime Prevention Act particularly emphasizes at protecting critical infrastructure and data base. In Africa, The South African Cybersecurity Policy Framework aims at strengthening of intelligence collection, investigation, and prosecution of cybercrime, including protecting the critical information and infrastructure, while in Kenya, the lawmakers are developing Data Protection and Cybercrimes, Computer related Crimes Bill, to make sure thatproper technical and organizational measures exist to safeguard the critical IT assets.

In this backdrop, it is not surprising that investors now pay a very close attention towards the IT security infrastructure. According to FTI Consulting, 79% of the investors it surveyed said they would be disinclined to invest in companies that have historically suffered a material data-breach, underscoring that no matter how good a company might be in terms of traditional metrics, a compromised IT security system or weak cyber-defenses will hurt a company’s ability to raise capital for the future growth.

To put it simply, protecting critical IT assets is crucial for protecting and even enhancing shareholder value.

ARCON provides state-of-the-art technology aimed at mitigating information systems related risks thereby enabling organizations to comply with Governance, Risk Management and Compliance (GRC) requirements. The company, in particular, is known for its unique Privileged Identity Management/Privileged Access Management solution, which helps deter the misuse of ‘privileged identities’.

Learn more about us at


Request A Demo

Feel free to drop us an email, and we will do our best to get back to you within 24 hours.

Become A Partner

Feel free to drop us an email, and we will do our best to get back to you within 24 hours.