Company founders, executives, and investors alike often take the need for speed as a given when it comes to competing in a digital economy.
With a focus on agile development, lean start-up principles, sprints and speed-to-market (to name a few) it’s no wonder executing quickly is a top priority.
Stop and consider for a moment that undisciplined, inexperienced speed results in errors in judgement and planning that can result in serious security and privacy breaches for digital business as they scale?
What if speed kills?
The origins of speed kills
During the 1992 U.S. Presidential Campaign, senior advisor James Carville famously had a sign in their war room that said Speed Kills — Bush. Carville's point about rapid communications being critical to success through disrupting opponents in a modern political campaign became the playbook for political teams since.
In the technology world, rapid development of new technologies has also been embraced, with similar aims around disruption of competition and redefinition of markets aimed at growing firms instead of winning elections.
To be fair, there have been many start-up successes that seem to validate the speed imperative.
But our digital economy is now plagued by cybercrime.
With economic losses predicted to exceed $2.1 trillion by the end of 2020, what if speed has moved from solely being a positive attribute to one that ultimate results in data disaster that negatively affects firm reputation, customer trust, business operations and invites punitive fines or stifling regulation?
There are indications that this has begun to play out for start-ups as they scale or reach full maturity and can be seen in several recent cases.
The Apollo and Facebook meltdowns
The breach of fast-growing sales engagement start-up Apollo, which built a database of more than 200 million contacts at 10 million companies, disclosed on Oct. 1, 2018 is one of many examples of fast-growing start-ups suffering major incidents.
It goes without saying that Facebook's myriad security issues, from Cambridge Analytica to its own security failure with tokens affecting more than 30 million user accounts, is yet another example of a security failure at massive scale.
Both Cambridge Analytica and Facebook now face the possible of massive fines under Europe's General Data Protection Regulation (GDPR).
But there is an alternative between reckless speed and lethargic product and business development.
A way in which security is baked into the product, start-up culture and business practices from Day 1 in such a manner as to enable proficient speed throughout the scaling of the enterprise.
The foundation of this approach can be found in a saying commonly used by elite military forces around the world.
Slow is smooth and smooth is fast
The expression, ‘slow is smooth and smooth is fast’ can be traced to the elite U.S. special forces unit known as the Navy Seals. It is also widely used by other military forces, including the UK’s. That’s where I first heard it, thanks to meeting Rise London General Manager Tony Margiotta last week as part of a panel discussion on cybersecurity.
The point of slow is smooth and smooth is fast is that by building up skills and abilities proficiently, soldiers are able to execute quickly when it matters in the heat of combat and while under tremendous stress.
In applying this lesson to start-ups, it’s easy to see that many end up bolting security on well after their products are developed and businesses begin scaling, leading to compromises in people, process, culture and technology based security approaches.
Baking security in from Day One
A better approach is to build security into the latest and greatest start-ups as early as possible.
Start-up accelerators and venture capital firms can help their portfolio of start-ups by providing a shared chief information security officer (CISO) model or at a minimum, some introductory training and mentorship.
Many already do this in many cases for marketing, sales, finance and product development, but why not security?
This isn’t a call to drown good idea in security bureaucracy, but to introduce security and privacy as key business success and enablement factors.
Security and privacy processes, controls and team can and should scale as the business ramps up, not be an after thought. This will lead to better firms, more resilient products and less risk in a start-up investment.
We’re willing to put our money where our mouth is.
If you’re managing a world-leading accelorator looking to provide free cybersecurity advice to your cohort, reach out and let us know.
We’re happy to provide free recommendations to companies looking to scale up and bake cybersecurity into their culture early on.
We want a more resilient and secure startup ecosystem and that starts with pitching in.