“Moving fast and breaking things” has never created trust. Start-ups must build customer trust from early days by embedding sound security and privacy practices in the products and in their culture.
For regulated industries (which isn’t in the age of GDPR?), blind trust will never be enough and being able to demonstrate a sufficient degree of due-diligence on key vendors will always be essential to defend against any liability in case of a data breach.
Security products consolidation and integration become key factors, as the “when-not-if” paradigm around cyber attacks takes centre-stage with senior executives and their focus shifts away from risk and compliance, towards execution and delivery.
Instead of being treated as another box checking exercise and a quick win, cyber resilience must be embedded into the right corporate structures and used to channel a different culture from the top down around cyber security.