As data dragnets and information breaches dominate the news, states are scrambling to cash in on a rapidly expanding business sector by offering tax incentives to firms that protect sensitive information from outside attacks.
While ordinary Americans wonder if their private phone calls and emails are being monitored by their government, businesses are concerned that proprietary and sensitive business information could be stolen by competitors — at home and from overseas. State and local governments also are working to tighten safeguards to prevent outsiders from hacking into their information.
“It’s the new global threat, not only to our state and nation, but to the whole world,” said Mark A. Vulcan, program manager at the Maryland Department of Business and Economic Development.
Maryland is breaking new ground with a total $3 million offer of tax breaks to be distributed among cybersecurity startups already in the state or who agree to locate there. While many states include cybersecurity companies in their overall tax incentives for high-tech firms, Maryland’s legislation — proposed by Gov. Martin O’Malley and signed in May — appears to be unique.
What also sets Maryland apart from other states, Vulcan said, is that this tax credit goes directly to the company, not the “angel” investor in that entity, which many other states do.
Analysts say this credit could signal a new wave of action by states trying to cash in on the cybersecurity boom. The $207 billion cybersecurity industry is expected to show “impressive growth” in the next five years, according to Entrepreneur.com.
Consultant Javier Siervo, with the Berkeley Research Group LLC in Washington, D.C., said Maryland may be the only state offering a tax credit specifically for cybersecurity, but the District of Columbia offers incentives to companies that have an office in the District and “derive most of their revenue from technology-related activities.” And nearby Arlington County in Virginia has increased technology zones to encourage tech businesses to move operations to the county.
In Virginia, a statewide program that offers capital gains tax exemptions to tech companies would cover cybersecurity companies as well as other high-tech ventures, according to Cameron Kilberg, the state’s assistant secretary of technology. Under that incentive, the state doesn’t tax any income already taxed by the federal government as a long-term capital gain.
The program began in 2010, Kilberg said, and will continue to 2015, past its original sunset date of 2013, because the state wanted more time to evaluate whether the program was effective.
Some of the nation’s largest defense and security companies are among the top 20 worldwide in the cybersecurity business, including Booz Allen Hamilton Inc. (the company of Edward Snowden, who leaked the National Security Agency’s data dragnet program), General Dynamics, Lockheed Martin, Northrop Grumman and Raytheon among others.
Efforts to give incentives to the cybersecurity industry have come about because of an executive order signed by President Barack Obama directing federal agencies to develop voluntary standards for private-sector industries and propose new mandates if needed. It was aimed at helping governments protect critical infrastructure.