New playbook guides startups against costly cybersecurity breaches

PwC Indonesia and AC Ventures have launched a ‘Cybersecurity Playbook for Startups.’

AC Ventures, in collaboration with PwC Indonesia, has introduced a new "Cybersecurity Playbook for Startups,” to provide strategies to tackle data breaches, which according to recent data from PwC, can cost upwards of US$1 million per incident.

The playbook serves as a practical guide for establishing a robust cybersecurity foundation tailored specifically for early-stage companies. "It covers common threats, cybersecurity principles, and creating strategy tailored specifically for early-stage companies," explained Samira Shihab, Principal and Head of Value Creation at AC Ventures.

She highlighted the playbook’s emphasis on proactive response planning and compliance with new regulations, making it a critical tool for integrating cybersecurity into early business operations.

Subianto, PwC Indonesia’s Chief Digital and Technology Officer, elaborated on the urgency of the playbook's release, citing the rising cost and frequency of data breaches. "The risk is getting increased, and also the cost of data breaches is getting more and more worrying," he noted.

The playbook suggests startups begin with a cybersecurity risk assessment to identify key information assets and potential risks. This assessment is vital for prioritizing protection efforts effectively. "Startups may not be able to protect everything, so they need to assess what are the key information assets they need to protect," Subianto stated.

Moreover, the playbook recommends strategies to manage breach-related costs, including the establishment of incident response plans and business continuity strategies. Shihab emphasised leveraging technologies that automate threat detection and response, which can significantly reduce manual labor and expedite recovery.

Key actions outlined in the playbook for startups include taking a proactive approach to cybersecurity by focusing on three main principles: confidentiality, integrity, and availability.

"It's critical...that senior management needs to be made aware of the importance of cybersecurity. And this is not only an IT issue...but actually is everyone's business within the organizations," Subianto explained. Additionally, he stressed the importance of testing incident response plans to ensure they function effectively in real scenarios, not just theoretically.