The reality is that most startups don’t take security seriously until they are punched in the face by a data breach. The ‘move fast, break things’ mantra of startup culture, mixed with development methodologies that focus on and reward shipping product over securing it, creates at best a ‘path of least resistance’ approach to security.
But as the numerous data breaches in 2017 have shown (Uber just being the most recent example), once your company has been punched in the face, it’s far too late.
Beyond the brand hit, upcoming regulatory changes will also make data breaches financially costly for companies caught unaware. The 2015 changes to Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act) via the Digital Privacy Act come into force late this year or early 2018, increasing both consumer and government visibility requirements. Failure to comply could cost Canadian companies up to $100,000. The stakes are even higher for Canadian companies holding the data of EU citizens; the General Data Protection Regulation (GDPR), which comes into effect May of next year, could cost up to €20 million or 4 percent of global annual turnover, whichever is higher, for non-compliance.
So how do startups focused on product development build the right security practices into their products? Is a security culture compatible with Agile development? What are the hard costs of being haxored?
BetaKit has teamed up with Microsoft for a Facebook Live session to answer your questions about security and scale. Can’t join us live next Tuesday? Post your question in the comments section below and we’ll get it answered so you can watch our post-stream video!
Facebook Live chat: Agile Security for startups
Tuesday, November 28th, 12:00PM-12:45PM EST
Douglas Soltys, Editor-in-chief at BetaKit
Feature image courtesy Unsplash.