Top cybersecurity tips for startups and scaleups


Ben Brabyn, head of Level39 – home to some of the UK’s cybersecurity and FinTech firms – explains how the nation can stay safe online. 

As if to round off Uber’s annus horribilis, the ride sharing company was embroiled in a recent cybersecurity scandal.

The company revealed that it had concealed a global breach of the personal information of 57 million customers and drivers in 2016. The affair not only highlighted the importance of transparency when it comes to reporting incidents, but also brought the threat posed by cyber attacks into sharp focus once again.

Cybersecurity is not a new topic, we’ve been hearing about data breaches, malware and cybercriminals for a long time now, but recent geopolitical turmoil and the increasing number of high-profile attacks have brought the issue front of mind.

The UK government has invested heavily. Last year it announced a £1.9bn commitment to protecting the country from attack. It issued a stark warning to businesses too. The Cyber Security Breaches Survey from earlier this year revealed that seven in 10 large businesses had identified a breach or attack, with the average cost of £20,000 per incident, in some cases reaching millions.

Next year, GDPR will usher in a new era of data protection, and it is crucial that organisations understand that these costs are real, a company that does not manage its data correctly can lose up to 4% of its global turnover.

With billions being invested in startups across the cybersecurity space, the UK’s tech ecosystem cannot shy away from the taking it seriously.

So, what steps can we take to ensure the nation is cyber safe?

Convening is key

Cybersecurity challenges are best solved by collaboration. Working together and sharing best practice will help us to meet the threat of cyber attacks. For large incumbent companies this increasingly means engaging with startups and new industry players, recognising that new threats require new suppliers and partners.

This is best achieved by engaging with the new generation of collaborative cybersecurity startups that together can provide a wide range of capabilities – and collectively help guide clients to good practice.

Protect your team as well as your clients

Protecting customer data is a priority for most companies but as we’ve seen in the example of Uber, customers aren’t the only ones with valuable personal information.

Companies need to have an eye on how to protect their employees’ details and to create a safe environment for them to operate.

The same procedures should be in place for personal details across the board.

Act swiftly and own up

Trying to bury data breaches can only serve to make things worse. Rather than staying quiet and hoping issues will go away, companies need to take charge and make sure all necessary parties are aware of any issues.

By acting swiftly, damage can be curtailed rather than amplified. Uber now faces a number of investigations and adds a new wave of legal woes to the already troubled company.

Attract top talent

The government has recently created a £20m initiative to get school children interested in cybersecurity, creating a pipeline of talent with the right skills to take on cyber threats.

In the meantime, companies should consider outsourcing to specialist cybersecurity companies.

By making cybersecurity a priority for your business, you can create a valuable proposition for incoming cyber talent to make a big difference.

Upskill your teams

Talent can come from within.

There might be existing employees who are keen to top up their cybersecurity knowledge.

By investing  in courses now, you can create additional skills in-house and help employees to add further strings to their bow.

Keep an eye on the innovators

As the pace of change in the security world increases, emerging startups signal the direction of change.

New attack vectors and styles of breach are appearing every day. Upcoming innovators may hold the key to the problems you are facing.

Get out there and meet them at incubators, meetups, and other relevant networking events. They may be newly established, but they are effective and they have a lot of wisdom to share.

Invest in capabilities and skills

No matter how small or large your company is, do not get complacent. No company is too small for cyber criminals.

There is not a bubble protecting you from a security breach, except for the one you can create if you continue to put cybersecurity at the top of your agenda in investing in the correct capabilities and skills.

Stay on top of the best and most up to date IT capabilities and skills to have the procedures in place that will protect your company, customer and employee data.