In 2016, a young sales intelligence firm, Apollo, emerged from Y Combinator against a backdrop of flashy PR and projected growth. Reveling in their nascent celebrity, Apollo went so far as to boast on their homepage that "no one ever drowned from revenue." But it was not revenue that they drowned in when, late last summer, Apollo's databases were hacked, releasing 212 million contact listings, containing nine billion data points, onto the dark web.
Today, Apollo remains under European litigation for possible violations of GDPR. Don't be like Apollo.
Time and again, researchers find that cyberthreats remain one of the greatest risks facing SMEs, with "60% of small businesses folding within 6 months of a cyberattack." This is hardly surprising when Kaspersky Labs estimates the average cost of a data breach for small businesses is in excess of 6 figures. Couple this with the fact that nearly half of all small businesses have suffered at least one cyberattack in the past year, and it's clear that we have a recipe for disaster.
And yet, in the face of cyber threats, SMEs continue to struggle for even minimal preparedness. According to Hiscox, a full 7 out of 10 organizations remain unprepared in the event of a cyberattack. Every startup is familiar with the endless meetings around branding and user growth, but when was the last time you've met to discuss cybersecurity? The simple reason for this is that most incubators/accelerators specialize in business development and financing, but lack the resources or expertise to create a robust cyber strategy. The solution? Vastly increased cooperation between incubators/accelerators and their cybersecurity partners.
Still not convinced? Here is what will happen once your incubator/accelerator incorporates cybersecurity into its core mission:
Privacy by Design
In order to properly protect your portfolio (not to speak of your investors), it is important to approach cybersecurity with what the GDPR terms, "privacy by design". In essence, this means that security that remains an afterthought, as something that is external to the core business, will always produce inadequate results. [Elsewhere, I debunk the startup myth that says that "security is not part of our MVP."]
But startups can only manage to create a viable and secure product if they have the support of their investors and partners along the way. In order for cybersecurity to be effective, it has to be baked into the DNA of the software. For that to happen, founders and investors need to be on the same page regarding the value of security, a paradigm shift that must be led by incubators and accelerators.
Which investor doesn't love to hear that their investment is protected by an additional layer of dedicated security? Or, how about those startups you've been courting? Silent Breach has found that startups working in fintech and biotech are particularly concerned with data privacy and security. Including regular PenTests and GDPR reviews into your suite of featured services will not only protect your current portfolio, but will even help you grow it further.
Let's face it. Startups are fragile. But as their mentors, incubators/accelerators are in a position to manage that risk. The choice is yours.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services for Fortune 500 companies. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and Internet of Things (IoT) industries.