You work as the head of the IT department of an insurance company based in Salt Lake City, Utah. You also wear the chief information security officer (CISO) hat. Your company’s portfolio of clients is very diverse: it includes sports equipment companies, pharmaceutical companies, several roofing contractors, hotels, and construction companies.
Recently, one of the insured companies was hacked. You gave an internal presentation on how the crime could have been committed and how it could have been prevented. An idea has been incubating in your head for some time now. You want to start your own cybersecurity business. You certainly have the technical know-how and your inside knowledge of how the insurance business works, adds higher value to what you can do. So how do you do it?
The following discussion will help you with this cybersecurity business venture:
Why a Cybersecurity Business?
Think Yahoo! back in 2013-14. Three billion user accounts were hacked, disclosing actual names, e-mail addresses, telephone numbers, and other personal information. The estimated damaged to Yahoo! as a result of this breach was in the ballpark figure of $350 million.
Verizon eventually bought Yahoo for $4.48 billion. JP Morgan Chase, Home Depot, eBay, and a host of other companies suffered significant data breaches after Yahoo. The risk is real. Whether you’re big or small, you might lose everything.
You need to have a profound knowledge of the IT industry and how it has impacted practically all facets of any given corporation or organization. Here are some key areas that you need to focus on:
- Customer profile and market composition. As discussed, you will likely be servicing a wide range of companies in the market, from small companies with smaller systems, up to big corporate giants like banks, insurance companies, online stores, etc. For as long as computers, Internet access, and data storage are integral to their business, vulnerability to malicious attacks is always a possibility. This means that you need to be prepared to respond to the needs of each of these entities.
- People and technology. You need to be creative in finding key people who will develop your technique. Hiring can be very costly, and it’s an option for you to look for venture capitalists (VCs) to help fund your project. Your team must be in tune with the current cybersecurity landscape, i.e., what are the existing solutions, the areas of improvement, and the future needs of potential clients. Your solution must be able to stay ahead of the efforts of hackers.
- Know your limitations. You won’t be able to respond to all problems related to hacks and data breaches. Set a realistic expectation on what you can do in your first year. You can spend plenty of time developing tools for prevention, but you can also allocate resources towards developing tools for detecting attacks and mitigation. Other focus areas or services include security compliance, cloud security, firewall management, and security software customization.
- Cost and other requirements. If you are an experienced IT professional, then you probably have the necessary degree and certifications to venture into this business. You need to put in several thousands of dollars to start, even at a scaled-down level. You must work out thoroughly your financials before your operation. If done correctly, ROI will not be a problem.
You will have to contend with competitors. From the start, consider what your business structure should be. These key areas will move you in the right direction.