Technology is evolving at an incredibly fast pace. An analog world wasn’t that long ago, when phones stayed on the wall, the internet was in its infancy, and seamless global connection seemed distant. Yet now we can summon cars from the mini computers in our pockets, jump on a real-time video call with someone across the world, and have our refrigerators order our groceries.
But as technology evolves, so do hackers, and cybercrime has quickly become a massive security concern for businesses. According to Interpol, in 2017 cybercrime rose to the top of the black market list, outpacing illicit drug sales, and in 2018 revenues from cybercrime were estimated at over $1.5 trillion. Cybercrime continues to outpace all other black market industries, and Cybersecurity Ventures predicts that cybercrime will now cost global businesses $6 trillion each year.
As a founder, it’s your job to keep your business, its assets, its employees, and its customers safe. It’s also your job to make sure your startup complies with the right security frameworks and policies so that you can keep the companies you sell to safe. Part of that is keeping up with the evolving trends and priorities of cybersecurity, and how new standards — and fears — shape how the world does business.
The following five security trends didn’t exist five years ago but could have a huge impact on your business operations.
#1 Increased Government Involvement in Data Security
Governments are taking increased measures to hedge against cyberattacks and the erosion of data protection practices. Those measures include updating incumbent standards and rolling out new ones, like the recent implementation of GDPR. Chances are that any enterprise company you work with will be required to continuously comply with certain frameworks — which means you’ll need to keep up as well. When it comes to data, enterprises typically expect that any vendor partner that touches sensitive data will conform to the same standards that the enterprise does.
Does the enterprise you’re selling to need to comply with HIPAA? The CCPA? Even if the enterprise company doesn’t store or access much personal data, they still may have a compliance standard, and companies that work with large amounts of data certainly do. Keep your startup in line with these standards so that you as a vendor can put the enterprise company at ease.
#2 Non-Compliance Lawsuits are a Growing Risk
Is your compliance up-to-date, and have you invested in shoring up your data management systems to comply with industry and regional standards? Enterprise companies are increasing their scrutiny into how airtight vendors keep their data — and you could expose yourself to legal trouble if you “just don’t know.” It’s easy to cut corners and say you’re covered in order to fill in the blanks on a questionnaire from a company’s legal team. But if there was a privacy infiltration and you can’t prove you met the standards you say you did, you could face breach of contract lawsuits, accusations of fraud, or worse.
This was the case in late 2019, when Delta Airlines sued 7.ai, a customer service technology vendor, over a breach of passenger data. The airline alleged not only that 7.ai had weak passwords on its systems, but that it did not immediately disclose the breach, violating its contract.
#3 Risk is Being Passed Down the Supply Chain
Enterprise companies are being held to higher compliance standards by state, federal, or provincial governance around data safety, which means they’re going to be incredibly careful about who they work with. They understand the likely ramifications of a breach and know that if a breach occurs in their supply chain, it will be associated with them. They want to know that their vendors also hold themselves to the same compliance practices — and will think twice about contracting with a company that doesn’t. Risk is now being pushed further down the supply chain, which means more questionnaires regarding what kind of audits or penetration tests you’ve done, and what kind of documentation you have around compliance with SOC 2, ISO, NIST, or CIS. If you’re not adequately covered, a lack of implementation on your part could cause massive losses for your B2B partners if you expose them to a data breach.
#4 Investors and Boards are Increasingly on the Hook
It seems as if every few months there’s another massive data theft from presumed-to-be secure companies — Twitter, Facebook, Uber, Equifax — which doesn’t go unnoticed by board members and investors, who could be on the hook for such failures.
Capital One’s board found itself in such a situation when it was specifically faulted by the Office of the Comptroller of the Currency, which said the company’s board of directors “failed to take effective actions to hold management accountable.” That oversight leaked the PII of over 100 million customers and cost the corporation $80 million in penalties.
Once these breaches are uncovered, not only do companies like Capital One have the responsibility to answer to their consumers and shareholders about why they weren’t protected, but they may face government regulatory action as well. Because of this, boards and investors are being more vigilant about data security, increasing scrutiny into their companies, and ensuring sufficient company resources are focused on security and compliance.
#5 New Solutions for an Evolving World
It’s not just large companies that need to be concerned about their data security. Small and medium-sized businesses should keep focused on compliance as well, as hackers see them as easier targets. Legacy systems, spreadsheet tracking, and keeping data exclusively in the cloud are no longer secure options, and the companies behind the legacy software have failed to produce new solutions for a quickly evolving world. The good news is that young companies are entering the space with fresh innovations, not only to challenge older categories like GRC, but to give companies flexibility and scalability as they introduce new apps and approaches into the security space.
For a founder, data security today means implementing a plan for compliance, training for employees, adherence to standards, and keeping up with evolving trends. Doing so means you’ll not only be able to answer security questionnaires, but will be able to protect yourself – and your customers – from becoming another headline.