×




Autopsy of a Data Breach: The Target Case Net Present Value (NPV) / MBA Resources

Introduction to Net Present Value (NPV) - What is Net Present Value (NPV) ? How it impacts financial decisions regarding project management?

NPV solution for Autopsy of a Data Breach: The Target Case case study


At Oak Spring University, we provide corporate level professional Net Present Value (NPV) case study solution. Autopsy of a Data Breach: The Target Case case study is a Harvard Business School (HBR) case study written by Line Dube. The Autopsy of a Data Breach: The Target Case (referred as “Breach Cybercriminals” from here on) case study provides evaluation & decision scenario in field of Leadership & Managing People. It also touches upon business topics such as - Value proposition, IT, Security & privacy.

The net present value (NPV) of an investment proposal is the present value of the proposal’s net cash flows less the proposal’s initial cash outflow. If a project’s NPV is greater than or equal to zero, the project should be accepted.

NPV = Present Value of Future Cash Flows LESS Project’s Initial Investment




Case Description of Autopsy of a Data Breach: The Target Case Case Study


This case revisits the events in late 2013 that gave rise to what was at the time the largest breach of confidential data in history. Indeed, on December 19, 2013, Target announced that its computer network had been infiltrated by cybercriminals who stole 40 million debit and credit card numbers as well as the personal information of some 70 million additional customers. The case presents the cybercriminals' activities leading up to the breach, details of the commission of the theft, the measures that Target had put in place to deter such attacks, its ill-fated response during the attack and, finally, the impact of the breach on Target as well as on the retail industry as a whole.


Case Authors : Line Dube

Topic : Leadership & Managing People

Related Areas : IT, Security & privacy




Calculating Net Present Value (NPV) at 6% for Autopsy of a Data Breach: The Target Case Case Study


Years              Cash Flow     Net Cash Flow     Cumulative    
Cash Flow
Discount Rate
@ 6 %
Discounted
Cash Flows
Year 0 (10003078) -10003078 - -
Year 1 3469518 -6533560 3469518 0.9434 3273130
Year 2 3975936 -2557624 7445454 0.89 3538569
Year 3 3974535 1416911 11419989 0.8396 3337096
Year 4 3226609 4643520 14646598 0.7921 2555777
TOTAL 14646598 12704572


The Net Present Value at 6% discount rate is 2701494

In isolation the NPV number doesn't mean much but put in right context then it is one of the best method to evaluate project returns. In this article we will cover -

Different methods of capital budgeting


What is NPV & Formula of NPV,
How it is calculated,
How to use NPV number for project evaluation, and
Scenario Planning given risks and management priorities.




Capital Budgeting Approaches

Methods of Capital Budgeting


There are four types of capital budgeting techniques that are widely used in the corporate world –

1. Payback Period
2. Net Present Value
3. Profitability Index
4. Internal Rate of Return

Apart from the Payback period method which is an additive method, rest of the methods are based on Discounted Cash Flow technique. Even though cash flow can be calculated based on the nature of the project, for the simplicity of the article we are assuming that all the expected cash flows are realized at the end of the year.

Discounted Cash Flow approaches provide a more objective basis for evaluating and selecting investment projects. They take into consideration both –

1. Timing of the expected cash flows – stockholders of Breach Cybercriminals have higher preference for cash returns over 4-5 years rather than 10-15 years given the nature of the volatility in the industry.
2. Magnitude of both incoming and outgoing cash flows – Projects can be capital intensive, time intensive, or both. Breach Cybercriminals shareholders have preference for diversified projects investment rather than prospective high income from a single capital intensive project.




Formula and Steps to Calculate Net Present Value (NPV) of Autopsy of a Data Breach: The Target Case

NPV = Net Cash In Flowt1 / (1+r)t1 + Net Cash In Flowt2 / (1+r)t2 + … Net Cash In Flowtn / (1+r)tn
Less Net Cash Out Flowt0 / (1+r)t0

Where t = time period, in this case year 1, year 2 and so on.
r = discount rate or return that could be earned using other safe proposition such as fixed deposit or treasury bond rate. Net Cash In Flow – What the firm will get each year.
Net Cash Out Flow – What the firm needs to invest initially in the project.

Step 1 – Understand the nature of the project and calculate cash flow for each year.
Step 2 – Discount those cash flow based on the discount rate.
Step 3 – Add all the discounted cash flow.
Step 4 – Selection of the project

Why Leadership & Managing People Managers need to know Financial Tools such as Net Present Value (NPV)?

In our daily workplace we often come across people and colleagues who are just focused on their core competency and targets they have to deliver. For example marketing managers at Breach Cybercriminals often design programs whose objective is to drive brand awareness and customer reach. But how that 30 point increase in brand awareness or 10 point increase in customer touch points will result into shareholders’ value is not specified.

To overcome such scenarios managers at Breach Cybercriminals needs to not only know the financial aspect of project management but also needs to have tools to integrate them into part of the project development and monitoring plan.

Calculating Net Present Value (NPV) at 15%

After working through various assumptions we reached a conclusion that risk is far higher than 6%. In a reasonably stable industry with weak competition - 15% discount rate can be a good benchmark.

Years              Cash Flow     Net Cash Flow     Cumulative    
Cash Flow
Discount Rate
@ 15 %
Discounted
Cash Flows
Year 0 (10003078) -10003078 - -
Year 1 3469518 -6533560 3469518 0.8696 3016972
Year 2 3975936 -2557624 7445454 0.7561 3006379
Year 3 3974535 1416911 11419989 0.6575 2613321
Year 4 3226609 4643520 14646598 0.5718 1844824
TOTAL 10481496


The Net NPV after 4 years is 478418

(10481496 - 10003078 )






Calculating Net Present Value (NPV) at 20%


If the risk component is high in the industry then we should go for a higher hurdle rate / discount rate of 20%.

Years              Cash Flow     Net Cash Flow     Cumulative    
Cash Flow
Discount Rate
@ 20 %
Discounted
Cash Flows
Year 0 (10003078) -10003078 - -
Year 1 3469518 -6533560 3469518 0.8333 2891265
Year 2 3975936 -2557624 7445454 0.6944 2761067
Year 3 3974535 1416911 11419989 0.5787 2300078
Year 4 3226609 4643520 14646598 0.4823 1556042
TOTAL 9508452


The Net NPV after 4 years is -494626

At 20% discount rate the NPV is negative (9508452 - 10003078 ) so ideally we can't select the project if macro and micro factors don't allow financial managers of Breach Cybercriminals to discount cash flow at lower discount rates such as 15%.



Acceptance Criteria of a Project based on NPV

Simplest Approach – If the investment project of Breach Cybercriminals has a NPV value higher than Zero then finance managers at Breach Cybercriminals can ACCEPT the project, otherwise they can reject the project. This means that project will deliver higher returns over the period of time than any alternate investment strategy.

In theory if the required rate of return or discount rate is chosen correctly by finance managers at Breach Cybercriminals, then the stock price of the Breach Cybercriminals should change by same amount of the NPV. In real world we know that share price also reflects various other factors that can be related to both macro and micro environment.

In the same vein – accepting the project with zero NPV should result in stagnant share price. Finance managers use discount rates as a measure of risk components in the project execution process.

Sensitivity Analysis

Project selection is often a far more complex decision than just choosing it based on the NPV number. Finance managers at Breach Cybercriminals should conduct a sensitivity analysis to better understand not only the inherent risk of the projects but also how those risks can be either factored in or mitigated during the project execution. Sensitivity analysis helps in –

Understanding of risks involved in the project.

What are the key aspects of the projects that need to be monitored, refined, and retuned for continuous delivery of projected cash flows.

What will be a multi year spillover effect of various taxation regulations.

What are the uncertainties surrounding the project Initial Cash Outlay (ICO’s). ICO’s often have several different components such as land, machinery, building, and other equipment.

What can impact the cash flow of the project.

Some of the assumptions while using the Discounted Cash Flow Methods –

Projects are assumed to be Mutually Exclusive – This is seldom the came in modern day giant organizations where projects are often inter-related and rejecting a project solely based on NPV can result in sunk cost from a related project.

Independent projects have independent cash flows – As explained in the marketing project – though the project may look independent but in reality it is not as the brand awareness project can be closely associated with the spending on sales promotions and product specific advertising.




References & Further Readings

Line Dube (2018), "Autopsy of a Data Breach: The Target Case Harvard Business Review Case Study. Published by HBR Publications.