Many startups – and small businesses, for that matter – don’t invest in a chief information security officer (CISO) or equivalent. In fact, recent research from Navisite demonstrates the small business cybersecurity leadership gap, noting in its “Cybersecurity Leadership and Readiness” report [subscription required]:
“When evaluating the lack of cybersecurity leadership by size of organization: the smaller the organization, the more likely that organization is operating without a CISO/CSO. Among the largest enterprises with 5,000 or more employees, only 10% indicated they did not have a CISO/CSO, compared to mid-sized organizations at 52% and small organizations at 64%.”
If you’ve spent any time in the startup or small business world, this likely won’t come as a surprise to you. Companies of this size are focused on one goal: getting their product or service to market quickly and efficiently. Developing products and services and implementing go-to-market (GTM) strategies are what consume time, budgets and resources. Cybersecurity is an afterthought.
And, cybersecurity often becomes an after-the-fact “add-on” because many companies mistakenly view it as a cost center and business inhibitor rather than what it has the potential to be: a profit driver.
But, you should know that if you’re running a startup or small business but not investing in a CISO, you’re doing your company more harm than good.
Cybersecurity as a profit driver
CISOs can drive profit for a business by keeping it safe from cyberattacks. Small businesses and startups are now just as vulnerable to attacks as large companies. And, regardless of company size, the aftermath can be devastating – financial loss, customer loss, damaged reputation and much more.
Many businesses of this size are forced to close their doors or find it difficult to survive after an attack. According to research from the National Cybersecurity Alliance, 60% of small and medium-sized businesses close within six months of a cyberattack. For this fact alone, a CISO has the power to keep your business afloat – or conversely, failure to invest in this security leadership role could spell the end for your company.
Beyond this, CISOs can also be a profit generator in other ways. Here are three ways a CISO can help your business succeed today.
1. From the ground up, create a culture that promotes security.
Many startups don’t think about security. They’re solely focused on building their product or service and getting it to market. Everyone has easy access to everything. Assets are everywhere and there is no security policy. Essentially, it’s the “Wild West” of security.
However, this can be problematic, as employees are the first line of defense against cyberattacks. And, if they aren’t trained from the beginning to prioritize security and follow good cyber hygiene (e.g., thinking twice before clicking a suspicious link or opening an attachment from an unknown source, avoiding password reuse, etc.), then it’s going to be extremely difficult to course-correct when your company is ready for prime time.
Investing in a CISO early on eliminates challenges surrounding the “human element” by providing an opportunity for startups to build a culture of security from the start, so cybersecurity grows alongside the organization. This means making sure employees embrace a “security-first” mentality in all they do, ensuring employees – from the executive suite to the mailroom – understand how their decisions impact the company’s security posture, and implementing “security by design” controls and processes that adapt and grow with the business.
CISOs who do their job well will ingrain cybersecurity in the company’s culture from day one to reduce enterprise risk, ensure continuous and seamless business operations and position the company for long-term success.
2. Expedite GTM processes.
Let’s face it, there are a lot of negative connotations associated with the CISO role today. Because they view CISOs as a hindrance to their ability to operate, business teams often resist CISOs. And, company leaders think CISOs are solely in the business of saying “no.”
Contrary to these widespread misperceptions, though, CISOs aren’t there to say, “we can’t do this”; but rather, “we can do this, and this is how we can do it securely.” And, when this optimal balance between business agility and security is achieved early on, GTM processes can be accelerated when your product is ready for the market.
Startups that offer a product or service may have the best engineers, but not the security professionals. Employing a CISO can give the company the insight it needs to improve product security and success in the development stage, so product launches aren’t delayed at the GTM phase.
CISOs are also able to find ways to speed up compliance with regulatory requirements, such as SOC 2 or PCI-DSS, so they don’t become roadblocks when negotiating early deals.
3. Prevent technical debt.
It’s not unusual for startup and small business leaders to keep adding new tools to their technology arsenal whenever they think it’ll help them achieve their GTM goals. However, this can cause complex IT infrastructures to become a hindrance to business operations and increase technical debt. This could cost the company millions of dollars.
The long-term goal of any startup or small company is achieving hyperscale growth, and while initially, you may be able to get by without cybersecurity, neglecting it isn’t a sustainable option. At some point, you’re going to have to take a step back and clean up the mess – and that’s going to be a tough job if your company suffers from technology sprawl.
Employing a CISO from the get-go can help keep your company honest, so you’re using only the minimum number of technologies required to maintain business agility (while remaining secure). This can have a significant impact on the bottom line, as it can prevent technical debt from developing in the early stages. It can also help to save money over the long term. Your IT infrastructure will not get out of control if your team has a minimalist mindset when it comes to technology and the processes required to complete a job.
Cybersecurity is intertwined with business
All of this aside, let’s not forget that, at the end of the day, security is a business problem. So, if you don’t have a CISO to ensure a strong cybersecurity posture, then you’ll not only have security issues, but business challenges, too. CISOs that help their company move the business needle — without compromising security — become the much-needed profit driver that propels success across the board. As more CISOs show business value, the 64% number representing small businesses that do not have a CISO will hopefully drop dramatically.
Neal Bridges is CISO at Query.AI.