The impact of cybersecurity on the growth of startups
Aug 20, 2021
2020 entered history as the worst year for cybersecurity. Ransomware attacks grew by 485%, and phishing scams affected 75% of companies around the world. Preliminary data shows that 2021 is also on track to follow the same path. To give you an idea, in just the first quarter of the year, Brazil suffered 3.2 billion cyberattacks.
A common mistake made by first-time entrepreneurs and startup leaders is believing that these cyber crimes only happen to large companies. This is the so-called 'security through obscurity,' where there is a belief that "if I'm little known, no one will find me, so I won't suffer an attack." This is where the problem lies.
Cybercriminals look for windows of opportunity, periodically and automatically scanning for any company that is exposed, regardless of size.
"Hackers typically avoid corporations with robust security systems and target young companies with little knowledge on how to protect themselves. It’s not about how much your company is worth; they access any information that is available."
PETER VANPEREN
Code Security Professor at NYU
In addition to preventing attacks that can destroy all the data on which your company is built, investing in cybersecurity has a direct impact on other critical aspects for any startup.
A secure startup has a higher valuation
Risk has a direct impact on the valuation of any company. Funds and angel investors commonly investigate whether a business is, in fact, secure from a data perspective. Not investing in data security can negatively impact your company's valuation.
Security incidents destroy a startup's reputation
For a young company, a cybersecurity incident, such as a data leak, can mean a premature death of the business, as it undermines the trust of customers and investors.
Large companies only do business with secure startups
If your startup has a product or service that solves the problems of other businesses, along the path to scale, you will likely offer it to large companies. However, having a cybersecurity infrastructure is one of the requirements many companies impose to close a contract.
LGPD fines can be deadly for a startup
Non-compliance with the General Data Protection Law (LGPD) incurs penalties that range from warnings, fines, and partial or total prohibition of activities. The fine is per infringement, amounting up to 2% of the company's revenue, limited to R$ 50 million. The Brazilian Internet Association (Abranet) has argued for lighter penalties for startups, but this is not yet defined.
Startups that are born and grow securely avoid future incidents and scale faster
Not having a cybersecurity infrastructure and policies from the outset will undoubtedly lead to correction costs in the future. Furthermore, adjusting a company to security standards after it gains traction can cause friction with other areas that already have established processes, delaying growth.