The Deal Thesis Needs a Recovery Assumption

Growth, margin and integration assume systems recover within time and with trustworthy data. Put that assumption in the model.

The answer

Every investment thesis contains an unstated recovery assumption. The model assumes the platform, data, identity and providers can survive failure without consuming the value-creation window.

Every investment thesis contains an unstated recovery assumption.

The model assumes the platform, data, identity and providers can survive failure without consuming the value-creation window. Diligence rarely tests the assumption at the level of the thesis.

Tie recovery to value

Which revenue, regulatory or integration milestone fails if a critical outcome is unavailable for one day, one week or one month?

Value object — The Thesis Recovery Assumption

- Critical outcome.

- Maximum tolerable interruption.

- Recovery and integrity evidence.

- Manual alternative.

- Cash and delay if assumption fails.

- Deal or first-hundred-days response.

Demand demonstration where material

Restore a representative service or record. Verify identity, data integrity and reconciliation, not just backup completion.

If recovery cannot support the thesis timeline, the valuation should not assume it will.

Where this breaks

Recovery is often treated as a generic enterprise capability while the thesis depends on one specific product, data set or integration deadline.

The operating move

Attach a recovery assumption to each major value-creation claim, including integrity, staff availability and provider cooperation.

Name the critical outcome.

Set the tolerable interruption.

Demand current test evidence.

Price failure into timing and cash.

The test

Remove the critical outcome for the assumed recovery period and rerun the investment model. The change shows whether recovery is truly material.

Sources

  1. NIST: Cybersecurity Framework 2.0NIST: Cybersecurity Framework 2.0

    Primary authority

  2. NIST SP 1305: Cybersecurity Supply Chain Risk ManagementNIST SP 1305: Cybersecurity Supply Chain Risk Management

    Primary authority

  3. FINMA: Risk Monitor 2025FINMA: Risk Monitor 2025

    Primary authority

Jonathan P. De CollibusFounding Partner, Svperior / Cyber

Adam J. De Collibus

Adam co-founded Svperior and leads systems engineering from requirements through implementation. His work connects architecture, implementation, deployment, and operating discipline across complex environments where failure must be anticipated and technical capability must remain dependable under pressure.

Systems engineering / Technical architecture / Production operations / Operating resilience

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry
The Deal Thesis Needs a Recovery Assumption \