Tuesday, May 7, 2024
I’ve been thinking about your DNA, and mine too. Something might have missed last October is the direct-to-consumer genomic testing company 23andMe fell victim to a cyber-attack. It’s also true that the company once valued at $6 billion is now valued at roughly $0. Those things are both related and unrelated, but it’s an interesting story.
In case you aren’t entirely familiar, 23andMe set out to solve a problem. The problem, as they saw it, was that genetic testing is not yet routinely used to understand potential health futures for most Americans. They believed our health care system is instead a sick-based system, and they set out to help monetize wellness instead.
For the low price of $100 for basic ancestry information, or for an additional $100 purchase of health reports, anyone who spit into a tube could find out interesting familial information and genetic pre-dispositions for certain health factors. For a time, it was quite the popular thing to do. You provided your DNA data to one of a handful of companies, and they provided interesting information about you in return. You might remember some discussion of how many people were surprised to find out they had a percentage of Ashkenazi Jewish lineage that was previously unknown to them. Many long-kept family secrets tumbled out into the open, and a prolific serial killer was even apprehended based on familial DNA comparison samples.
Beyond the novelty and surprise, initial revenue projections for 23andMe were modest, as there was a lack of repeat business problem.
However, recognizing the value of large data sets, the company set about to broaden revenue streams by adding a subscription service for consumers who wanted pay an annual membership fee, in exchange for updated health reports pertaining to their individual genetic risk profiles. The company also shopped their entire data sets to medical researchers and drug companies for use in research and development in pursuit of new drug therapies.
There was one problem. Well two, actually. First, too few consumers were interested in paying the company annually for a subscription. Second, the data set proved too concentrated in certain European-based ethnicities while significantly lacking in others. It wasn’t practically as useful (or valuable) as anyone had hoped. So, the company took up an initiative in certain African countries, offering the kits for free, to broaden out the dataset.
It also explored contracts and agreements with some drug companies that resulted in the long pursuit of taking several new drug candidates through the FDA process of clinical trials, based on the data. The hope was that one or two of them might receive approval and explode, eventually, in the market. That approval process takes years of study and no small amount of money.
In the meantime, 23andMe was not profitable. They were still active in the data collection and consumer product phase of operations. However, that line of business did not provide enough revenue to sustain the company through the R&D years for the FDA approval of new drugs.
In tech, this is called “running out of runway.” In short, it’s a situation that develops when initial capital investments, and sometimes even subsequent rounds of capital raises, aren’t enough to see the company through to a state of profitability. Venture capitalists spread money around, taking a gamble on many different companies. As we’ve seen, you never know what the next big thing will be. Yet, these investors can often run out of patience and move on before the big hit of profitability is achieved.
At the beginning of 2024, it was estimated that 23andMe’s market valuation was roughly equal to its cash on hand. Reports are that its founder is considering buying the company shares back, taking it back to private status, while awaiting the FDA process to complete on the potential new drug therapies its data set helped to research and develop.
Back to that data breach. It wasn’t immediately clear whether actual DNA sequencing records were involved in the theft.
23andMe now says core DNA data was not involved, but that information contained in a network of DNA relatives was compromised. For those who were impacted, that meant their ancestry reports and matching DNA segments, their ancestry birth locations and family names, their picture, birth year, family tree diagram and any information they wrote on the “Introduce Yourself!” section of the familial network platform was stolen from the company. Just imagine what someone could do with that.
You have to wonder what residual value the company retains, given the loss of whatever data was in fact purloined. At minimum, you have to wonder what, if any, value remains beyond the successful launch of the prospective new drugs it helped developed based on the data they collected and held.
Here’s where we get to the value of large data sets. We’re starting to see the rapid emergence of artificial intelligence (AI) tools. If you haven’t seen the valuations of companies who are on the cutting edge of the AI revolution, take a look. The valuation for companies like Alphabet, Google, Amazon and others who hold vast amount of consumer data are currently high performers. AI and Ozempic-like drugs are becoming real factors in economic models for the near future. Currently, it doesn’t appear there is any way to overstate their impact on life as we know it. What does AI need to be viable? Large data sets on which to train them.
So, as you’re consuming tech-based products out in the world, please be aware that in many cases, you are contributing to large data sets that will be used … at a minimum about you, if not against you, at some point. If you believe the service you’re getting today is valuable enough offset to the trade-off tomorrow, that’s good. But considering the story of 23andMe, should you be paying the data collector for the privilege of collecting it? Should there ever come a time that they owe you anything back for your contribution if they hit their giant payday? The founder of 23andMe said her plan was to start thinking about that possibility in about 10 years once profitability is achieved by the company. It isn’t part of the business plan today.
You might find it interesting to know that the Pentagon has advised military members against using at-home DNA kits due to security concerns. There are also concerns about health insurers using the information for decision making regarding patient coverage and allowed treatment plans. Given the growing use of voice and video simulations, how more likely a victim would your family members become if the AI simulation seemed to confirm identity details by incorporating some of this very private 23andMe stolen information into the script? That scenario would make someone knowing your mother’s maiden name seem like child’s play.
It’s also worth considering what happens if the provider collapses. In the case of 23andMe, the information at stake is the map of every genetic detail that makes you, you. Usually if a company goes under, their assets are sold to the highest bidder. Who might be interested in that?
Surely no one has any interest in knowing, for example, if you have a small percentage of Ashkenazi Jewish ancestors in your bloodline, right?
Go carefully, my friends. Go advisedly. And before you go, let me just ask you one more question: what information is the equivalent of the DNA of your company?
Until next time,
Mary Schuster
Chief Knowledge Officer
October Research, LLC