Why startup CEOs should care about cyber security
The data breach that Target suffered around Thanksgiving last year has finally worked its way up to the top of the organizational totem pole. A couple of weeks ago, Target’s CEO Gregg Steinhafel lost his job a result of the cyber security shortcomings that cost the company a ton money. Given the sheer size of the breach, the estimated costs to all parties involved could reach into the billions. Steinhafel is the first CEO to be fired from a major corporation over a cyber security issue.
Of course the implications aren’t identical for the startup community, but they do still translate in important ways. For one, nobody likes losing money because of the failure to address risks that can [quite easily] be mitigated. Layered encryption, cyber liability insurance, and appointment of a Chief Information Security Officer (which target doesn’t have) can go a long way in this area.
While the ramifications may be more severe when you have millions of shareholders, this doesn’t make your handful of institutional investors happy either. In a way, you can equate the stock price drop of a company like Target to the refusal to participate in the next round of funding.
The other big parallel to the startup community involves branding. Target has a brand valued at a staggering $25.5 billion (2nd only behind Walmart!). Most estimate the cost of the breach at $1 billion before including loss of goodwill, which has yet to be calculated. One might consider the 46% drop in 2013 Q4 profits as an indication of some of this lost goodwill.
In a fiercely competitive yelp-review-fueled digital marketplace, branding can be everything. Startups can have robust yet fragile brands given their youth and inexperience. The last thing any startup company needs is a smudge on their brand name so early in the game. VC-backed startups are admittedly more agile than most, but recovering a loss of trust can be difficult no matter how fast you can move and adapt.
So what’s the point of this post? It’s a friendly reminder that while the CTO generally digs into the details of your tech and sets up security measures, it’s ultimately the CEO that’s responsible for making sure the company’s cyber security measures are up to snuff. In fact, some legal experts have even suggested that remaining informed about your company’s cyber security may become the next big fiduciary duty for executives.
At the end of the day, CEOs, it’s your head on the chopping block…so pay attention!