Strategic Moats
What makes a business impossible to kill?
Warren Buffett scores moats by asking one question: what stops a well-funded competitor from taking your business? The answer breaks into nine distinct defenses. Score 5 or more and the castle holds.
This is why the Tight Five always asks "What do you control?" — your platform IS your moat inventory. Higher platform, deeper moat. Every capability you own that competitors must build from scratch is a defense that compounds.
The Nine Moats
| # | Moat | What It Means | Example |
|---|---|---|---|
| 1 | Network Effects | Each user makes the product more valuable for every other user | Slack, Ethereum, LinkedIn |
| 2 | Switching Costs | Leaving costs more than staying — data, workflows, retraining | Salesforce, SAP, AWS |
| 3 | Data Moat | Proprietary data that improves the product and cannot be replicated | Bloomberg Terminal, Waze |
| 4 | Brand | Trust and recognition that commands premium pricing | Stripe, Notion, Figma |
| 5 | Economies of Scale | Unit costs drop as volume grows — infrastructure amortizes | Google Cloud, Cloudflare |
| 6 | Embedding | Product becomes part of the customer's infrastructure — ripping it out breaks things | Twilio, Stripe API, Auth0 |
| 7 | Ecosystem | Third-party developers build on your platform — their investment locks users in | Shopify Apps, Salesforce AppExchange |
| 8 | Physical Infrastructure | Controlling atoms — land, sensors, buildings, equipment — that software alone cannot displace | Helium (hotspots), DIMO (vehicles), Hivemapper (dashcams) |
| 9 | Regulatory | Licenses, certifications, or compliance barriers competitors must clear | Plaid (banking), Palantir (clearance) |
Scoring Guide
Score each moat 0 (absent), 1 (emerging), or 2 (strong). Sum all nine.
| Total | Verdict | Action |
|---|---|---|
| 14-18 | Fortress | Widen. Invest in the strongest moats. |
| 9-13 | Defensible | Deepen. Convert emerging moats to strong. |
| 5-8 | Vulnerable | Choose. Pick 2-3 moats and commit. |
| 0-4 | Exposed | Rethink. No defensibility means no margin. |
The 5+ rule: A business with five or more active moats (score >= 1) is structurally secure. Below five, any well-funded competitor can replicate the product.
How Moats Compound
Moats reinforce each other:
Physical Infrastructure → Data Moat → better product → Network Effects → more data
↓ ↓ ↓
Regulatory ←───── Switching Costs ← Embedding ← Ecosystem
The strongest companies stack moats. Stripe has embedding + ecosystem + brand + switching costs. That's four before they write a line of new code.
DePIN flips the script — physical infrastructure generates proprietary data that pure-software competitors cannot access. Sensors on farms, dashcams on roads, meters on buildings — atoms create the data moat that bits defend. Industries sitting on underutilized physical assets are the ripest targets for data-driven decisions that compound into defensibility.
Score Your Business
| # | Moat | Score (0-2) | Evidence |
|---|---|---|---|
| 1 | Network Effects | ||
| 2 | Switching Costs | ||
| 3 | Data Moat | ||
| 4 | Brand | ||
| 5 | Economies of Scale | ||
| 6 | Embedding | ||
| 7 | Ecosystem | ||
| 8 | Physical Infrastructure | ||
| 9 | Regulatory | ||
| Total | /18 |
For each moat scored 0: what would it take to build it? For each scored 1: what converts it to 2?
Context
- Moat Principles — Why moats matter and how they erode
- Positioning Strategy — Where you sit in the market's mind
- Business Models — How value flows through the business
- Network Effects — The strongest digital moat
- DePIN Models — Decentralized physical infrastructure
- Construction — Buildings as data-generating assets
- Manufacturing — Factory floors generating proprietary data
- Agriculture — Farms as sensor networks
- Real Estate — Land and property as physical moat
Questions
How do you build a moat before you have scale?
- Which moat type compounds fastest for your specific business model?
- When does a moat become a prison — locking you into a market that's shrinking?
- What happens when AI commoditizes the moat you depend on most?
- Which industries sit on physical assets generating data that nobody is capturing yet?