How concerned should startups be about cybersecurity?

Security & GRCFinancial ManagementRisk Management

1- Very worried40%

2 - Somewhat concerned51%

3 - Low priority6%

4 - Not concerned at all1%


838 PARTICIPANTS
5k views1 Upvote4 Comments
CISO, 1,001 - 5,000 employees
If you’re going to collect any kind of data, you should be thinking about how you’re going to protect that data. On our news feed that we have coming in, every day there’s a new new breach that we hear about. Security is a problem and until we have a security-first mindset as a startup, then we’re going to keep having these problems.

And it’s only going to get worse because people are making the same problems that are very easy to fix. For example, they’re not configuring S3 buckets properly or not patching external facing systems properly. People are getting that because of these common issues and then ‘script kiddies’ and people that aren’t experts in security are black-hat hacking or finding issues and sucking down data. People really need to start thinking about problems earlier.
4
CISO in Software, 201 - 500 employees
All of the options may apply, depending on the situation and task at hand. Startups rarely have full-time security personnel. At the same time, there should be security-savvy people who can provide informal guidance and advice and ensure the product is built on secure engineering principles -- and this includes knowing when to worry and when to be relaxed. The systematic approach, governance, policies, security operations and everything can come later when the product proves to be viable, but if the backgrounds are designed poorly, no-one would fix that, ever.
1
CTO in Software, 201 - 500 employees
"Should" doesn't make it so 🙂 Of course it is best if cyber security awareness is there from the very start and best practices are organically incorporated, but for most startups to survive they need to have an almost maniacal focus on the subject matter (product, service, etc.) So, unless cyber security is critical/integral to that pursuit it's not likely to get much attention. It is what it is, not what it should be 🙂
3
Director of Technology Strategy in Services (non-Government), 2 - 10 employees
It's easier to address it from the start than to add it back in later.
2

Content you might like

Intelligent Process Automation (IPA) is the use of technology, such as artificial intelligence and machine learning, to automate and optimize business processes. It aims to improve efficiency, reduce costs, and enhance decision-making. How far along is your company?

Security & GRCEngineeringArtificial Intelligence & Machine Learning (AI/ML)

IPA has significantly improved our operations.7%

IPA has not brought much change to our operations.34%

IPA is very similar to traditional automation in our company.25%

IPA is quite different from traditional automation in our company.10%

Our company had a smooth implementation of IPA.2%

Our company faced some challenges during the implementation of IPA.5%

Our organization has integrated IPA with other technologies such as RPA and BPM.2%

Our organization has not yet integrated IPA with other technologies.8%

We have not yet encountered any significant challenges with IPA.2%

Our organization has automated some processes using IPA.2%


254 PARTICIPANTS
1.4k views1 Upvote1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
46.4k views133 Upvotes323 Comments

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & PlatformsEnd-User Services & CollaborationPeople & Leadership+4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.56%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.9%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


333 PARTICIPANTS
8.8k views9 Upvotes1 Comment

How can infosec leaders/CISOs get their org to shift from a legacy security strategy that’s more compliance-focused to one that’s focused on risk reduction?

Security Strategy & RoadmapRisk ManagementThird Party Risk Management (TPRM)
Read More Comments
572 views2 Comments

How can you design your org’s security policies to more effectively drive awareness?

Security Strategy & RoadmapAwareness & TrainingRisk Management
164 views1 Comment