By Yuval Illuz, member, CTO and CISO in Residence of SC Ventures

In 2022, cyberattacks increased by 38 percent across the globe, and in Q4, there was a record all-time high of over 1,000 threats per week among surveyed organizations. This comes on the back of increased investments in new technologies. Amid an ongoing funding contraction, investors have been quick to look to promising projects testing out new innovations as these are more likely to report increased revenue growth. However, this experimentation — if done without the proper guardrails in place — could come at a significant cost. Cybercrime could cost the global economy nearly US$14 trillion by 2028.

Cybersecurity risks are especially acute in the fintech and financial services sector given the large quantities of sensitive client and transaction data passing through their systems each day. And with fintech primed to become a $1.5 trillion industry by 2030, interest in new, innovative business offerings are only set to grow. But to retain a competitive edge in the long term, these startups will need effective cybersecurity strategies in place, making this a key area for investors to watch.

The value of a strong business-driven cybersecurity strategy

When it comes to cybersecurity, there’s no cutting corners. In the same way investors would scrutinize any analysis performed by founding teams to assess product-market fit, the same rules apply here: a holistic approach trumps a siloed one. Investors should look for fintechs that have actively prioritized comprehensive cybersecurity strategies. This means ensuring that teams have a strong, iterative understanding of the threat landscape — not only in terms of present risks but those that lie ahead as the industry evolves and as new technologies are implemented into their business lines. Simply put, a one-size-fits-all approach to cybersecurity won’t meet the mark.

Chief risk officers in the banking sector consistently rank cybersecurity as their top priority, since the financial services industry relies on a sprawling ecosystem of third-party partners and vendors. The security and data privacy practices of one party will affect another. The risk level will also vary based on the different strategies employed, such as full ecosystem development and orchestration, direct investments in joint ventures, or looser alliances. For fintechs looking to be part of such ecosystems, it’s vital to understand the cybersecurity counterparty risk and the role one plays within an entire network of providers and platforms.

By 2026, global cybersecurity spending is set to grow to nearly $300 billion, with sectors such as banking and finance contributing to almost a third of all investments. Realistically, companies — especially smaller startups — don’t have infinite resources to invest in cybersecurity solutions. With this in mind, investors should pay close attention to how spending is being allocated. After all, increased investments don’t necessarily translate to better outcomes.

Does the team know exactly which business-critical assets are most at-risk? What are these risks and how can they be benchmarked against one another and mitigated? By asking these questions, investors can assess whether teams are investing intelligently, only putting their funds into the right resources, tools and products that are worth investing in.

By assessing fintechs according to the strength of their cybersecurity strategies, investors can ensure that their investees are built for success in the long term — delivering better returns based on sustainable growth and a distinctly compliant, customer-first offering.

Fostering a culture of cybersecurity resilience

Around 88% of all data breaches occur as a result of human error, according to research from Stanford University. That is why people play a key role in the effectiveness of any cybersecurity strategy. For organizations of any size and maturity, it’s critical to foster a culture of cybersecurity and data compliance, plus ensure there are dedicated systems and programmes to educate team members.

While it may be tempting to deploy more technology-based solutions to bridge this knowledge gap, the truth is that an organizational mindset shift is what will ultimately drive a more cyber-resilient culture at its core. As such, investors should keep an eye on whether security leaders are integrated into business decisions. Without their input, startups can suffer from critical gaps as a direct result of incongruous security priorities and policies. As cyber threats evolve constantly, it’s worth arguing that cybersecurity education should be at least, if not more, on the same priority level as cybersecurity measures.

Such an approach ensures a security-first mindset led and implemented from the top, setting the tone for awareness throughout the entire organization. This is key to fostering greater cyber risk awareness and building ‘a human firewall’, to transform what was once the weakest link into a strong asset.

Marrying the best: governance, compliance, and innovation

At this stage, the role of pioneering fintech startups in the traditional banking sector is now an inevitability. Investors should consider fintechs that leverage synergies with banks and financial services institutions (FSI), especially if it helps strengthen existing infrastructure on both sides.

While startups’ agility and willingness to experiment strategically can support an FSI to build and adopt new infrastructure and leverage emerging technologies — the quality of cybersecurity standards among most startups leaves much to be desired. Despite being well-funded, 98 percent of the world’s top fintech startups are vulnerable to cyberattacks across multiple channels.

Bearing this in mind, investors should consider startups that partner with traditional FSIs and leverage their existing know-how and long-standing experience operating in highly regulated environments while adhering to robust compliance processes.

As the corporate venture capital and venture incubation arm of Standard Chartered, SC Ventures enables our venture and portfolio companies to benefit from the Bank’s global network of partners and experts. SC Ventures brings more value to the table than just capital — we give startups access to the rigorous frameworks and infrastructure to best operate in regulated environments, enabling them to safely transform the financial ecosystem at large.

With the aim of building ventures that are bank-grade, secure by design and compliant by default, we encourage ventures to take a holistic and comprehensive approach that is essential to effectively manage and mitigate evolving threats. At SC Ventures, we adopt and leverage industry-wide information and cybersecurity standards and augment them with specific controls. This includes the NIST Cybersecurity Framework, ISO 27001 Information Security Management System, as well as the Center for Internet Security (CIS) Critical Security Controls V8 to enable our ventures and portfolio companies to achieve maximum risk reduction.

Living in an age of disruption

Investors researching startups need to remember that innovation can only meaningfully take place at scale if implementation is done so in a measured way — with an active emphasis on client and consumer protections that safeguards against cybersecurity risks. Cutting corners, especially when it comes to compliance, is costly for startups and investors alike. For businesses at the earliest stages of their journeys, this could cause profound economic impact and irreparable reputational harm, further impacting their bottom line in a rapidly crowding market.

As investors assess new entrants in the market, it’s important to prioritize a strong understanding of cyber risk as a mark of technological resilience as they measure a startup’s success. Building projects that are compliant shouldn’t be seen as a deterrent to innovation, but instead, as a competitive edge.

About the author:

Yuval Illuz has an impressive track record of more than 25 years in leadership roles including Technology & Operations and Cybersecurity. In his current role, Yuval is a Partner (Member) and CTO for SC Ventures, a business unit that provides the platform and catalyst for Standard Chartered to promote innovation, invest in disruptive financial technology and explore alternative business models. As part of his role, Yuval is part of the leadership team and is responsible for tech strategy, cyber and innovation.

In his previous role at Standard Chartered Bank, Yuval served as the Group CISO and COO, Trust, Data & Resilience. In the past, Yuval held several senior roles such as GM, CIO, CISO, and CTO across different industries such as Finance, Online Trading and Gaming, Telecom, Retail and more.

Yuval is the Chairman of the Board for Letsbloom, an SC Ventures financial security (FinSec) company, and Libeara, an SC Ventures-owned digital asset company. Previously, Yuval was a member of several boards and advisory boards for large organisations and start-ups, advising on business development and assisting in capital raising, strategy, roadmap, market penetratio, and leading start-ups to an exit/IPO.

Yuval holds an MBA (hons.) in Business Management and Information Technology and a BA in Computer Science and Management.

