Last year, venture capital funding for cybersecurity companies broke records. According to data from Pitchbook, in the first six months of last year alone, cybersecurity startups raised $9.9 billion globally. That figure was close to the entire total raised the year before. Additionally, the average valuation of cybersecurity companies raising funds more than doubled, to $475 million.
This influx in funding is likely because more and more companies are prioritizing cybersecurity as attacks increase. And startups are especially at risk. According to a recent report, more than half of all cyberattacks target small- to medium-sized enterprises.
That’s why cybersecurity entrepreneur Danny Mizrahi says cybersecurity is especially important for tech startups, which are often tasked with keeping sensitive information confidential and protecting their product from hacks.
“There’s all these different cybersecurity policies that startups are supposed to have,” Mizrahi says. “And they don’t even know they’re supposed to have them until they’re closing a deal, which is sad because all of a sudden they’re freaking out.”
As a fellow startup founder, running two companies handling cybersecurity and IT, Mizrahi understands the challenges startups face when it comes to cybersecurity compliance. In a webinar for Founders Network members on August 9, 2022, he covered the role of cybersecurity compliance in startup funding, sales, and data.
Here’s a sneak peek of the webinar.
According to a recent analysis, the average small and medium-size business manages 47.81 terabytes of data. This often includes sensitive customer data in the form of personally identifiable information that startups are required to protect in order to comply with state and federal regulations. However, startups often aren’t knowledgeable about these laws and can risk fines if they run afoul of them.
“If you are holding personal identifiable information–which almost every technology is–you’re dealing with a privacy act in every single state in the United States at this point, as well as the GDPR in Europe. And certainly if you’re holding healthcare information, you’re dealing with HIPAA,” Mizrahi says. “And if you’re breaking those laws, you get fined.”
In order to secure venture capital funding, startups often have to jump through a lot of hoops. This also includes complying with certain cybersecurity requirements that VCs might not be unfamiliar with.
“When you’re raising money, a lot of these VCs are sending vendor requirement letters or third party compliance checklists,” Mizrahi says. “And what happens there is you have to have a very specific cybersecurity posture, usually based on a requirement. Sometimes the investors will say, ‘I can’t invest in you,’ if you’re literally breaking the law or one of these regulations.”
Cybersecurity compliance is also vital to the sales process. In order to close deals with companies with established cybersecurity requirements, startups often have policies in place, such as a breach notification policy, an information security management system, a password protection policy, a mobile device management policy, and a data usage policy.
“When companies are sending a proposal to a big company that has cybersecurity requirements, they send back a spreadsheet that has 250 questions, questions that they have to answer. And they have to have about 12 or 13 and maybe sometimes 20 different policies that they have to have created. A lot of startups don’t realize that this is actually part of the sales process.”
In his webinar, Mizrahi covered:
- Vendor Requirement Letters
- 3rd Party Compliance Checklists
- Privacy Policies
- PCI/ISO/SOC2 Frameworks Overview