It is now becoming crystal clear that cybersecurity – beyond good practice and good ethics – is quite simply good business. Following cybersecurity best practices is a problem. In fact, it is an important reason why the issue is still shifting in and out of most boards’ radars. Gut feeling alone does not make for a strong-enough case: Top executives are increasingly asking to show the data. Being able to show key stakeholders in business terms what exactly is the tangible value-added of cybersecurity will be key in finally anchoring the topic at the right level of organizations.
We need to reflect once more on the staggering number of products and vendors active across the cybersecurity space. Many of those products still aim to address security requirements which are as old as security good practices themselves. They should have consolidated years ago and each should be dominated by a few players – in addition to the usual big names – all bound by healthy competition. The situation is often compounded by the fact that many security tools only end up partially deployed, or simply covering a fraction of the estate – functionally or geographically.
Every start-up must understand that the real secret sauce is Trust: In a context of increasing levels of consumer awareness around privacy and data protection, your most valuable asset will be the trust of your customers in your product. Moving fast and breaking things has never created trust. Start-ups must build customer trust from early days by embedding sound security and privacy practices in the products and in their culture. Start-ups must build customer trust from early days by embedding sound security and privacy practices in the products and in their culture.