A CYBERSECURITY STRATEGY AND ROADMAP may look very barren for a start-up that is pre-seed investment. If your product does not yet exist outside of a great idea, it might seem there is little to plan for at the moment. This is a misconception and you can and should plan for cybersecurity to be part of your business and culture from the beginning. Your cybersecurity strategy should be developed shortly after creating your business plan and defining what your business is. This information will define how and where you apply cybersecurity.

Questions you must answer:

• What type of business is this?
• What types of customers will we sell to?
• What types of information will the business consume?
• What types of information will the business create?
• Where will this business be conducted?

WHAT TYPE OF BUSINESS IS THIS?

The type of business is important, to understand how cybersecurity will scale with the company. If you are developing a free-to-download Android and iOS game with in-game purchases, your application of cybersecurity might progress slower than a biotech start-up developing a new drug to treat a rare disease.

In one case, the mobile game company would most likely survive if the first beta version of source code was stolen. In another, a biotech pharmaceutical might not survive if all R&D information was stolen by a nation-state and ...