A pilot project under the auspices of Cyber Hub shall make Danish tech start-ups incorporate cyber security as a product feature from start to finish. Among others, the project has helped a proptech company save both time and money.
In 2018, Jurist Katrine Larsen and her three partners established the start-up Hococo, which connects tenants and landlords online. Hococo has a broad platform offering anything from caretaker services over the phone to a sense of community, while giving tenants a good rental experience.
To work optimally, the platform requires access to personal data such as names and contact information, and COO of Hococo Katrine Larsen has sometimes feared becoming a victim of cybercrime, which she had seen various examples of working as a jurist for an insurance company.
’You can work really hard, e.g. focus attention on security among the staff and build firewalls. But no matter what you do, you will never be a hundred per cent safe, because anyone can accidentally click on a bad link’, she says.
To systematise processes and help the company qualify for an ISO27001 certification next year, she therefore chose to sign up for Cyber Hub’s pilot project, Cyber Security as a Product Feature, which runs from April to December this year. The pilot project was initiated by Cyber Hub, and the project steering committee comprises Jesper Grønbæk from Healthtech, Jakob Stoumann from PropTech and Lars Bajlum Holmgaard Christensen from Cyber Hub.
‘Even though I have trained as a jurist, there are just so many processes that you need to be aware of when it comes to cyber security’, she says. ‘We had already conducted a consequence analysis, drawn up a security policy and developed emergency procedures, but we needed to explore the area. So we did a risk assessment, and the programme helped me identify a series of factors which I did not know could pose a risk. We would not have had the resources to do this if it had not been for this project’.
Away from unsexy compliance
Cyber Security as a Product Feature is the name of the pilot project focussing on security by design. Security is incorporated into all stages of development of new data- or tech-based products or services. Cyber Hub’s intention with the project is to help companies switch focus when it comes to cyber security – from unsexy compliance to a competitive advantage.
The nine participating start-ups fall under the categories healthtech, proptech, finetech and edutech, and in the course of the eight months they get individual feedback on how to incorporate cyber security into their products on a par with any other product feature. In addition, they are matched with cyber security start-ups to help them find the right solutions.
And if you ask Katrine Larsen, the chance to get a pair of fresh eyes on the company’s security status is one of the main advantages of the project.
A good clean-up
Time is often in short supply when you are busy establishing a start-up, and therefore, cyber security is often considered to be of secondary importance, says Manager of the Pilot Project Bodil Biering.
‘Start-ups often consider security something of a clean-up project, and it is often incorporated at too late a stage. So if we can introduce them to it early on and get people used to managing data properly, companies will not have to spend a lot of money on data protection and they can avoid a large-scale project that involves changing people’s habits’, she says.
Another challenge for start-ups is lack of knowledge about cybersecurity. Therefore, the project aims to help the companies increase their knowledge on how to get started – and then start implementing new, good practices.
‘It is better to do 10 per cent of what they can do than nothing at all’, says the project manager. The nine start-ups participating in the project have anything from three or five to 200 employees. What they have in common is a focus on providing cloud-based services, and cyber security should naturally be a main concern.
On a par with accountancy
According to Bodil Biering, everyone tends to think their security is uncompromised. ‘The customers expect the suppliers to have it under control, the companies expect the IT department to have it under control, and the product developers may not necessarily have the competences or time for it. Therefore, it makes sense to focus attention on the subject of security and consider it just as important as all those other product features you spend time incorporating into your products. To start-ups, this is just as important as finding an accountant or incorporating sustainability into your business approach’, she says.
And Katrine Larsen agrees. She believes that especially the developers of Hococo’s platform have benefited a lot from the pilot project. ‘It is a maturation process for them, as none of their previous jobs have encouraged them to incorporate cyber security into their product development’, she says. ‘Because of the cases I have seen in my previous work, I have focussed attention to it, but I am afraid the effect has been limited, so it is nice to have someone else tell them that it is something customers expect today’, she says with a smile.
Welcome to the front page
There are typically two things that make the participating companies take an interest in cyber security, Bodil Biering explains. First, they are afraid of seeing themselves on the front page of the tabloid Extra Bladet and thus losing their good reputation and customers. Second, they acknowledge that better security can help them attract new customers.
Katrine Larsen agrees. She acknowledges the great brand value of good cyber security. ‘It is important that our customers feel that we have the security situation and compliance under control. This should also prove beneficial when we expand to the rest of the Nordic countries’, she says, revealing the company’s expansion plans. ‘If we had not participated in the project, we would have postponed the process and it would have cost a lot more. And start-ups just do not have an abundancy of money or time’, she stresses.
3 pieces of advice from Bodil Biering
- Develop a common language and a way to talk about it internally and externally that highlights the value hereof instead of ignoring it and hoping that it will simply go away. Instead, talk about it openly as a competitive advantage.
- Do a risk assessment to determine which cyber security measures to focus on first. This will differ from company to company. These are usually low-hanging fruits, but having identified a method should give you peace of mind – and doing a risk assessment is not all that difficult.
- Get started! Incorporate cyber security into your processes and approach it iteratively. It should neither be a one-off nor a huge project. It is better to get started and make improvements on an ongoing basis than to start out by biting off more than you can chew. Once you have got started, you will get used to incorporating it into your product development processes. The idea is to make it part of any professional business.
- An online service and communications platform that connects tenants and landlords. The platform offers landlords the tools to give their tenants a modern, digital rental experience as well as to optimise internal processes.
- Founded in 2018 by Katrine Larsen, William Shaw, Peter B. Andreasen and Caspar M. Kjellberg. Based on their own experiences as tenants, they wanted to innovate on the entire rental experience from start to finish.