A small company will be largely unencumbered by some governance requirements and will only need to worry about more general practices such as data protection and employment laws.
Larger companies, especially those that are publicly listed, or involved in highly regulated areas such as finance, will have very explicit rules that they must adhere to. In addition, some customers, such as government and public sector clients, will have additional needs that must be met to undertake work for them.
These governance and security requirements will affect the security and reliability measures your design might need to include, and will introduce additional tests and checks that may need to be performed.
Another field we must be aware of is risk. This is often tied closely to security and governance; however, the larger and more established the company, the more at risk it is.
For example, a new company that has started to provide a particular service will have very little risk in terms of how they may be impacted by a security breach. Many countries’ data protection laws will fine a company for a data leak based on turnover – the bigger the turnover, the greater the fine.
Information
UNCTAD provides links to many countries’ specific laws on data protection and other global reports: https://unctad.org/page/data-protection-and-privacy-legislation-worldwide.
Reputational risk is also a large factor. For an established company, any security breach can greatly damage their reputation, which in turn can result in huge financial losses as other customers lose faith in their services. A start-up company has no reputation, although it could be argued that they are, of course, trying to build one.
Finally, long-established companies have greater visibility and are therefore more likely to be targeted. Again, the smaller start-up, which is yet to make moves into the marketplace, is relatively unknown and therefore less likely to be targeted – at least not for financial gains.
As with processes, security and governance increase the complexity of your design, or at the very least will often result in more scrutiny by the relevant approvers.
This is not to say that a design can be any less secure for a smaller start-up, rather that the multi-national company will have far more checks and balances in place that can increase the amount and detail of documentation.
In the next section, we will examine a topic that needs to be considered for any size of company – keeping an eye on costs.