Startup ‘C’ & BoD Should Do This Too!


Information security challenges increase in frequency, sophistication, and impact by the day. There has been tremendous progress over the past decade at individual, entity, industry, and societal levels, but there are two imbalances that do not get the attention they deserve:

1. First, small businesses (including startups) are not as well prepared as the big boys. And they justify that to themselves with the usual ‘we are too small to be someone’s target’ or ‘we don’t store any customer data’ or even ‘if the IBMs and Microsofts of the world get breached, what am I going to do to stop it?’ and ‘I know, but this is too expensive for us’ and so forth.

2. Second, to put it somewhat bluntly, preparedness at the operating level is far better than at the executive level.

Startups often fall into both these buckets and are thus doubly vulnerable to a life-threatening event.

You need not be a fintech to be at risk; you may be an agri-tech or a media-tech or even a pure-play tech player with an advanced analytics or big data offering. The day you collect your first customer record to do whatever you do, you are on the radar of the bad guys. And contrary to what you may think, you are of greater interest to the bad guys than the big guys are, because you offer them a better cost-benefit ratio, if not low-hanging fruit!

Security events have taken down many startups and slowed down many more, and the founders, the C suite and the investors are constantly grappling with their risk profile. It is not that they are not spending on security, but that the language of security is often alien to the board and even to hands-on C suite members. There is a highly effective and inexpensive tool that can put it in language that is appropriate for them. It is called a Tabletop Exercise and is probably the least known or used tool in organizations.

A tabletop exercise, when designed well, can give tremendous insights to the founders, C level officers and the board members/advisors. Let us take a simple example. Say an employee, or worse, a customer tells you that the data you collect from your customers is on the dark web. How does your C suite respond? How does your board respond? Some questions that (should) pop up are:

CEO – What internal actions are needed to verify, validate and gauge the extent of the event? What immediate actions are needed? What do I need to do personally to satisfy regulatory and legal requirements as well as provide effective leadership to everyone in this stressful situation?

CFO – What are the financial implications of this event? What is our liability exposure? Does our insurance cover this? What forensic investigations are needed to make an insurance claim? How do we calculate the direct and indirect costs and losses?

COO – How is this affecting my ability to service my customers? Do we need to declare an event? What type of event? What risk or impact level? What communication plan is needed to communicate with key stakeholders consistently and meaningfully, without causing panic or mistrust?

CIO/CTO – How do we explain the event to various internal and external stakeholders in each one’s language? What will it take to recover as quickly as we can? How do we step up to lead an across-the-spectrum effort to involve, educate, and stabilize all stakeholders?

Legal/Marketing – What do we tell our customers and vendors? What do we tell our employees? Do we need to notify local, state and federal authorities – when, how, whom?

From the simplistic sampling above, you get a sense of the questions that arise with such an event, and it is obvious that you cannot find all these answers on the fly, or that they will be suboptimal if you do.

A tabletop is a great way to strategize, streamline, and preplan your responses as a team to the risk events your organization or portfolio is subject to. Take a new topic every, say, six months, and let your C team and Board think through it and sharpen their skills to respond calmly and quickly in the face of an adverse event. Once you get the hang of it, you will want to extend it to other areas of your business too.

About Author


admin_bfsi
