Remember the infamous documentary ‘Zero Days’? This documentary truly changed the way people perceived cybersecurity, by showcasing the malicious computer worm developed by the US and Israel to sabotage a key part of Iran’s nuclear programme. Stuxnet, the cyberweapon, is widely seen as a leap in nation-state cyber warfare capabilities.
A decade back, an organisation’s technology strategy was only second to business strategy but, today, that has changed drastically. Today, the technology strategy often defines business strategy.
As per the World Economic Forum this year, cybersecurity is the number one worry for CEOs around the world. A data breach does not only have reputation damage, but also has a direct impact on the balance sheet of an organisation. Yahoo is the perfect example. The company lost $350 million in valuation due to the breach, and had to settle on a $4.48 billion deal with Verizon.
Why startups should be worried about security
It would be fair to say that most startups across the world are using technology at the core of their business and have disrupted the way we transact, eat, travel and, at large, our lifestyle. Businesses such as Uber, Airbnb, Zomato, Coursera, and many more have based their business on technology and have made a significant impact in our lives and the global technology landscape. These startups are at the forefront of technology innovation and are collecting extensive data to offer unique services and products. This has resulted in huge interest in the hacker community.
The Uber hack disclosed in 2018 is a clear testament as to why startups need to take cybersecurity seriously. In November 2016, attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users across the globe. The hackers could access information of passengers’ full names, phone numbers, email addresses, and the location where they had signed up.
In 2017, data collected by insurance company Zurich reported that 875,000 SMEs across the UK had been affected by a cyberattack in the previous 12 months.
In 2017, SME Boomerang Video was fined £60,000 for leaving itself vulnerable to hack attacks. Similarly, software company PCA Predict has also experienced cyber attacks in recent years. These examples are the tip of the iceberg and showcase the need for businesses to protect virtual interests from any kind of data breach.
In the midst of business chaos and the dream to become a unicorn, startups, most often than not, tend to ignore cybersecurity. To be fair, most organisations, be it a startup or a $100 billion company, lack a culture that prioritises cybersecurity, but a startup is in a unique position to fix this before it impacts their company. When cybersecurity is a priority for the company’s founders and initial team, those norms more easily extend to new team members as the company grows.
There are far more examples of how a lack of a cybersecurity-oriented approach has impacted a business, and with the burgeoning use of technology, cybersecurity is critical to safeguard your reputation and, most importantly, the success of your business.
Key to increasing an organisation’s valuation
Interestingly, a growing trend in the startup community is to use the organisation’s security posture to bargain for higher investments. Globally, investors primarily conducted two forms of due diligence before investing in a company - legal and financial. Today, there is a third aspect to due diligence - cybersecurity.
In the years to come, cybersecurity will be a key measure of an organisation’s true valuation. Companies that regularly engage in risk quantification, conduct proactive and continuous security assessments, and plan ahead will have a clear advantage.
Considering, the sophisticated hacks we have been seeing, coupled with the high cost (both business and reputation) of breaches, cybersecurity readiness and compliance can no longer be ignored in the portfolio valuation; many discerning investors are already looking ahead. For businesses looking to strengthen company valuations, investing time and resources into a strong, foundational cybersecurity strategy is a must.
The road ahead
An increasingly important metric to understand today is the cost of an enterprise data breach. Researchers across the globe are increasingly focusing on this topic to help governments and industries be more informed on this topic. According to the annual Cost of a Data Breach Report by the Ponemon Institute, the cost per lost record for a company in the US averages $242.
As we move ahead, the use of digital will only rise and quantification of risk will become a clear business priority. Can you answer today how much you should spend to be secure? Well, you will be able to answer this question in the near future.
Gartner recently stated that the old heat maps based on qualitative “measurement” that have kept organisations in the dark about the financial impact of cyber events are just not good enough anymore. We need to move to adopt technologies and platforms that provide an easy-to-understand risk score and help C-suites make informed decisions.
Imagine if a C-suite could get a simple-to-understand dashboard, with a macro and micro-level score (between zero and five rating) to gauge the cyber health of the organisation. Wouldn’t it solve all your worries every day?
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)
(Edited by Evelyn Ratnakumar)