It was recently reported that 2017 has seen the highest rise of cybercrime since the word gained gravitas amongst the security community. Not only that, the attacks have been even more vicious and aggressive – including the infamous Petya and WannaCry breaches – and have posed serious threats to data security. With the upcoming EU GDPR (General Data Protection Regulation) ramping up for a May 2018 debut, cybersecurity should be of the highest priority in the minds of senior management – especially when it implores them to report on data breaches a lot sooner than the current procedures.
However, an Ipsos Mori poll found that only 33% of businesses had any formal cybersecurity policy and only 11% had a protocol for an attack should it happen. But there is one group that may be more at risk than others: STARTUPS. With the massive task of starting a company online, many overlook the intense security features that are needed, or simply believe that nobody would bother attacking them.
According to reports, startups are more at risk of cyber-attacks due to the likelihood of their infrastructure not being as robust as established businesses. It can be difficult to balance the costs of digital security with business expansion costs as a start-up – yet with GDPR looming, it could be one of the wisest investments in order to continue business expansion, and not be left high and dry by a data breach sullying the company’s name. Let’s not forget that GDPR does not only apply to EU-based businesses, but to all businesses that handle data of persons located in the EU.
Adopted on 27 April 2016 by the European Commission, GDPR looks set to standardise data security across the board and give back some power to the people of whom the data is collected through measures such as opting in for data usage as opposed to having to opt out (e.g. with email marketing). While it may only fine businesses 4% of their annual turnover – which may not seem a lot for start-ups – the reputation at stake and potential risks for the entire business may end up ruined.
The Financial Times posits that young businesses assume compliance is just for the financial and personal data stored by big companies, but any company that holds and collects data is accountable, according to this legislation. GDPR places data security at the heart of the business, so even start-ups are required to build their company around the idea of data protection.
But startups are in a better position than established businesses as the GDPR will be at the forefront of their early investment and may even be a facet that inspires more established businesses should their data protection procedures prove strong. Bigger, older companies have had to create their own data protection policies throughout the years, but start-ups almost have a template to follow in order to meet regulations.
While the research shows that startups are at risk – as are established businesses – the silver lining is that they have the chance to rectify this before any data breaches occur. With the government enforcing data protection, it may even offer extra help to ensure fresher businesses are up to code and even monetary incentives to test out future best practices for data protection.