The importance of cybersecurity for startups
As startups become more funded and handle more valuable data and transactions, they are more vulnerable than ever to the risk of data breaches. But there may be an upside: Startup founders can use this to their competitive advantage.
First, the unwanted news. Following market news, we can already see how cyber-attacks can harm startups. Here are two of many recent examples:
- Company 1 successfully raised a Series A investment round. Subsequently, it had a large amount of data that was inadvertently breached publicly. Losing the trust of customers and investors, it was unable to raise additional funds.
- Company 2 was planning an IPO. Prior to the stock offering, its customers expressed concern about anomalies in the company’s software. The leadership attributed it to poor security practices by its users and did not investigate. It later discovered that a hacker had breached its network, triggering a massive and difficult incident response and platform evaluation that was expensive and delayed the company’s IPO.
To stop these threats, founders, boards and leaders of startups need to change their approach to cybersecurity. For years, they’ve foregone investment in secure software development, compromised on data security, and put things in the cloud without worry. They need to start thinking strategically, like Apple.
Be like Apple
In April 2021, Apple made the unprecedented move to launch App Tracking Transparency (ATT), which gave iPhone users the ability to opt out of allowing apps to track and share information. The initial indication is that most users are using it, and as a result, companies like Meta (Facebook), Snap and Peloton have reported that Apple is really impacting their revenue.
More importantly, app tracking transparency has allowed Apple to be seen as the most secure and private mainstream phone on the market. And positioning matters.
Apple’s position as the most secure solution will continue to resonate with customers. In a recent informal survey conducted on LinkedIn, 50% of respondents said they would likely trust Apple to maintain their privacy and security in the metaverse. Only 2% voted on Facebook.
As a startup leader, how do you make cybersecurity and privacy strategic for your organization?
First, treat cybersecurity as a capability, not a cost. This small difference takes you from the mindset of minimizing costs to optimizing investment. It’s about what processes and datasets you need to protect and differentiate yourself.
Second, it’s time to hire a real chief information security officer. Giving that role to your vice president of engineering is an insult. It’s also unrealistic to expect your experience to extend to cybersecurity.
Third, define and establish strategic cybersecurity objectives at the board level. Create goals, not a dashboard of security metrics that you will achieve to develop your features. Define what it means to be the most secure and private solution and define that as your goals.
Fourth, step up to writing security into your value proposition. Start outlining and distinguishing exactly how your solution is different and help your sales organization understand how to position security as a tangible customer benefit.
Finally, make security a product feature and build privacy and security into your product roadmap. For a long time, security and privacy were a trade-off for time to market. It’s time for your development team to treat it as a requirement, not an option.