This is Part 4 of a guest post series. Check out the other posts in this series on Tax Credits for the Lighting Industry. Views expressed are those of the author/s and the firm they represent. Representatives of R&D Tax Savers have presented at the LightFair Conference in the past.
The Universal Need for Cybersecurity
Almost every firm now has reason to prioritize its own internal cybersecurity. R&D tax credits may be available for product, process and software improvements that enhance cybersecurity.
According to Accenture, 43% of cyber attacks are aimed at small businesses, yet only 14% of such businesses have adequate protection. With an average cost of $200,000 per attack, many businesses are rolling a dangerous pair of dice.
The pandemic has only increased these risks, with remote workforce’s taxing legacy corporate IT infrastructure. “COVID-19 forced organizations to accelerate digital transformation efforts without considering how these efforts might increase cybersecurity exposure,” according to Cybersecurity Consultant Anca Pop-Charles.
Who Are the Attackers?
The list of possible attackers is broad:
- Organized crime
- Not so organized crime
- Law enforcement
- The Government
- A combination of all of the above
Proper Cyber Protection
Proper protection against potential cyber-attacks starts with robust cybersecurity software. The best security providers invest heavily in R&D. VMware, for example, spends roughly $2B annually on software innovation; the firm has also upped its employee count by 50% over the past two years. Palo Alto Networks, meanwhile, has doubled its R&D spend to $800M over that same time.
These numbers reflect how extensively the best cybersecurity firms work to keep up with today’s evolving threats.
Additional provisions should include constant data backup, encryption, cyber awareness training for all employees, and a clear policy for reporting breaches.
Cybersecurity and Lighting Products
Elsewhere on the LightFair blog, Eric Miller, CEO & CTO of Avi-on Labs, identified two aspects of security for lighting companies: IT security and interoperability security.
IT security refers to the customer’s IT infrastructure. Controls, sensors, and other innovations can be a hacking entry point not just to a customer’s energy systems but to other firm systems as well.
For that reason, Miller’s approach heavily emphasizes IT security: “Security plays a central role in our entire strategy, in every aspect of every product – hardware and software.”
Interoperability security refers to the risks posed by integration with lighting products from third parties. Miller recommends vetting any such products through rigorous security protocols.
“We welcome and have many third party devices… but we do require them to go through a review and audit… so that we have a very deep knowledge of the device itself and the code that’s going on…so that when we do let it on our system, we’re confident.” – Eric Miller, CEO & CTO, Avi-on Labs, Conversations on Illumination
The DOE, in its Connected Lighting workshop, notes the following types of lighting industry vulnerabilities:
- Default passwords and settings
- Encryption (improperly implemented)
- Ports (debugging)
- Supply chain (spare parts)
- Poorly written code
- Operating system flaws
- Application flaws
- Publicly available information (patents)
- Insider information
- “Lights out Management” / Remote management
- Over the wire updates
The lighting industry needs to realize that one of the largest cyberattacks in U.S. history can throttle a building control system. In the year 2013, Target, the large retailer, experienced an HVAC controls system attack that impacted 41 million consumers.
A cybersecurity attack can severely damage your own lighting business or your customer’s business. Many leading companies now require vendors to have cybersecurity insurance and to meet minimum cybersecurity protection levels. This means that protecting your lighting business may enable a lighting product seller to obtain more business.
R&D tax credits may be available for product, process and software improvements that enhance cybersecurity.
Cybersecurity: R&D Tax Credit Opportunity
In addition to new and improved lighting product design, lighting firms can receive R&D tax credits for qualifying cybersecurity improvements.
When a lighting company improves its internal cybersecurity infrastructure, time spent customizing the system to meet specific needs and integrating with existing systems can typically qualify. Such improvements qualify as ‘process improvements’ under the law. Likewise, security enhancements to a firm’s lighting products typically qualify as ‘product improvements’ when novel to the firm and when technical in nature.
A brief overview of the R&D Tax Credit is described below.
Enacted in 1981, the now permanent Federal Research and Development (R&D) Tax Credit allows a credit that typically ranges from 4%-7% of eligible spending for new and improved products and processes. Qualified research must meet the following four criteria:
- Must be technological in nature
- Must be a component of the taxpayer’s business
- Must represent R&D in the experimental sense and generally includes all such costs related to the development or improvement of a product or process
- Must eliminate uncertainty through a process of experimentation that considers one or more alternatives
Eligible costs include US employee wages, cost of supplies consumed in the R&D process, cost of pre-production testing, US contract research expenses, and certain costs associated with developing a patent.
On December 18, 2015, President Obama signed the PATH Act, making the R&D Tax Credit permanent. Since 2016, the R&D credit can be used to offset Alternative Minimum Tax (AMT) or companies with revenue below $50MM and, startup businesses can obtain up to $250,000 per year in cash rebates that can be applied directly to payroll taxes.
Cybersecurity must be emphasized and addressed by all companies. The landscape is constantly changing and proactive involvement in protecting your company will prevent devasting damage both internally and externally towards customers.
In the lighting industry, it is critical to strategize cybersecurity methods for both hardware and software to minimize risks in entry points and reduce overall exposure from highly damageable breaches.
Consider consulting with an R&D tax credit expert to explore how you can take advantage of this tax credit as a professional or business in the lighting industry.