Stock buybacks put CIOs in the hot seat

Charles Dickens’ Tale of Two Cities contrasts London’s order and safety with the chaos and risk of Paris.

Wall Street has its own tale of contrasts: Apple, which represents order and safety, and UnitedHealth Group, which represents — well, it was supposed to be order and safety, too, only it didn’t work out that well.

And therein lies a cautionary tale for all CIOs.

Start with UnitedHealth Group. Unless you’ve been living off the grid for the past few months you know the basics: UHG was hacked, losing as much as 6 terabytes (techspeak for “a lot”) of patient data and creating chaos in the entire healthcare industry.

Do a bit of Googling (or Copiloting?) and you’ll discover that the exploited vulnerability was a bush-league error — failing to institute multifactor authentication on exposed servers. Do a bit more and you’ll read that UHG bought the problem with its acquisition of Change Healthcare. You’ll also read that UHG paid a ransom as part of how it handled the problem.

Now I’m not as sophisticated as UHG’s IT experts, but I’m pretty sure an IT infosec audit is part of the UHG M&A playbook, which suggests the absence of multifactor authentication on Change Healthcare’s servers was a known vulnerability.

Which in turn suggests UHG cheaped out in its takeover processes.

Maybe preventively fixing the problem was too expensive. Uh … no. In Q1 of 2023, UHG spent $3.5 billion in stock buybacks. Now this is just speculation on my part, but I’d bet as much as a quarter that even a small fraction of UHG’s buyback budget would have easily paid for the time, effort, and technology needed to properly harden Change Healthcare’s information infrastructure.

The thing about buybacks

What does this have to do with Apple, and what does Apple have to do with you?

Read some of the fan-person opinionating about Apple’s planned $110 billion stock buyback, but first put on a pair of glass-colored glasses, and you’ll discover a little-mentioned and disturbing aspect of the plan: Apple needed the buy-back because its financial results were too disappointing to sustain its share price. Its 12-month year-over-year revenue was down 0.9%, accompanied by a 2.8% decline in net income.

Short version: Apple’s execs — and we’re talking about Steve Jobs’ management heirs — can’t figure out how to use its cash to increase its revenue and profits.

Apple’s stock buyback, that is, like all stock buybacks, betrays a failure of competitive imagination.

Keep in mind that Apple’s competitors include Samsung, Google, Netflix, Disney, and Amazon, not to mention smaller players like China. Wall Street’s Apple Admiration Society should be asking Tim Cook how its buyback will encourage smartphone buyers to choose iPhones instead of Galaxy S24s; to watch Foundation instead of Only Murders in the Building; and buy iPad Pros instead of Surface Pros.

The CIO so-what test

Given Apple’s status as company with the world’s second-highest market capitalization and second-highest overall profitability it’s hard to be too critical. Its performance might, like so many political polls, be within the boundaries of statistical noise — especially as it upped its 2023 investment in R&D to some $30B.

Still and all, Wall Street’s analysts should be asking Tim Cook how buying its own stock confers advantage across the spectrum of marketplaces it competes in.

But they should be pelting UHG’s CEO Andrew Witty questions with more heat —questions very much like those your CEO should be asking you. Such as:

• Wouldn’t some of this money be better spent improving the company’s infosec risk posture?
• Is IT spending on retiring “Chronodebt“ (my term for what “technical debt” should mean but doesn’t) sufficient?
• And remember your company’s stalled Digital strategy — the one that was going to leverage information technology to increase marketshare, mindshare, and walletshare? Would a few more bucks thrown in its general direction help achieve these laudable but elusive goals?

Look, it’s lovely when the price of a share of stock increases. It’s lovely because it makes those who own shares of stock happy. But that doesn’t make share price a useful metric for evaluating business performance.

It would be if it weren’t for a lovely irony. Yes, an increase in share price should be a useful measure of management performance, because it ought to reflect the expectations of outside industry experts regarding the company’s future profitability. Which in turn should be their assessment of management’s plans for improving competitive advantage.

It would be, too, if only management would refrain from gimmicks like stock buybacks that conceal how the company’s competitiveness will change.

As CIO your responsibility is to formulate plans that will improve expected profitability in the four major areas of bottom-line business value:

1. Revenue: how the IT plan will lead to profitably selling more products and services.
2. Operating costs: how it will reduce the incremental cost of producing a product or service, along with the amortized fixed costs of running the business.
3. Risk management: identifying major risk areas with an aim of prevention (reducing the odds) or mitigation (reducing the damage).
4. Mission: how the plan will deliver the social value that is the business’s reason for being.

And no, accomplishing the mission isn’t some soft and squishy (or warm and fuzzy) outcome. As an example, figure General Motors’ true mission is to sell cars people want to buy. Or, one level of abstraction removed, to provide the most desirable ways for people to get from place to place.

A few years ago, when Digital was all the rage, revenue would have been a logical CIO target in most companies. Now, thanks to the spotlight UnitedHealth shined on it, most CIOs can and should make the case for risk.

Whatever the plan, the biggest risk is to ignore the investment potential of money that’s about to be spent on buybacks.

Because if the best investment a company can make isn’t to get better at doing business, that either means it’s trapped in stasis, so good it can’t improve, or it’s so bad its leaders can’t imagine doing business better than they’re doing right now.