When building a new business, whether as an addition to an existing business or a start-up, it's easy to overlook cybersecurity. An online article by McKinsey & Company (https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/new-business-building-six-cybersecurity-and-digital-beliefs-that-can-create-risk) emphasizes the importance of building resilience into businesses from their creation.
To quote the article, "...when considered up front and built into products by design, cybersecurity can be a product's greatest feature, creating trust and confidence in the minds of consumers that can extend a company's lead in the market". The article identifies six misconceptions that lead businesses to ignore or downplay cybersecurity:
- A new business doesn't need "extras" like cybersecurity or risk management. If a concept is mature enough to warrant investment, that investment needs to be protected.
- Establishing cybersecurity will delay a business launch. Any delay is worth it to prevent later problems. (To put it another way, pay now or pay later.)
- Spending on risk management and cybersecurity is not a guarantee of protection. Every company needs a foundational level of risk management and cybersecurity. The longer they are unaddressed, the harder and more expensive they are to implement.
- Product team leaders understand cybersecurity. They may not be familiar with the latest developments. It's best to consult cybersecurity specialists.
- We have a parent company that understands the risk. The parent may not have the needed resources, or may not pay attention to its subsidiary.
- The company has tools in place. What it needs is a combination of process, people and technology.
What are strategies for effective cybersecurity and risk management in a new company?
- If a concept merits investment, it's worth the time to consider and mitigate risks. Early engagement is vital.
- Make cybersecurity a core element of a business. Use experts to address the risk.
- Work with a parent company when it makes sense.
- Risk management and cybersecurity must be embedded from the beginning, with security tested at every stage of development.