Company founders pitch investors to get funding and other help for their business idea. Reverse pitching turns the tables: the investors, business angels and VC’s apply to the startup entrepreneurs to be allowed to invest in their companies.
Is this a good idea? No and yes ☺
Over the past 15 years, I’ve had hundreds of conversations with investors – and yet, I’ve never really thought about what it would be like if an investor had to pitch to me, not the other way around.
What would I look for?
Conversely, does this mean that once you have achieved product-market fit, you can start scaling immediately and you are sure to be successful? I would say: maybe, probably not.
Yes, 9 out of 10 start-ups fail. And yes, most of them probably failed because they offered something that the market didn’t really want. But I do have some reservations about the rest becoming successful because the PMF has been reached.
In the early days, cybersecurity training was not yet fully understood. Most attempted to educate their staff through training, and the first phishing campaigns for educational purposes were conducted. And compliance wasn’t that important yet.
A company exists because the employees believe there is a way, the customers believe it solves a problem, and the investors believe it is worth something 😉
Despite comprehensive security awareness training, many organizations still continue to have cybersecurity breaches resulting from human error. We believe that it is because many people understand cybersecurity threats in theory but struggle to apply the knowledge in practice consistently to act safely.
This gap between risk attitude (knowing what is risky) and risk behavior (actually acting securely) is what today’s article will be about 😉
The IBM Cost of a Data Breach Report has been published every year for two decades.
It’s often read for the numbers: the global average breach cost (now $4.4M), the top industries, or the fines (which in the U.S. push average costs to $10M).
But look a little deeper and with your own expert-view, and this year’s report says something more fundamental about cybersecurity awareness.
Cybersecurity awareness training is a vital component of organizational defense strategies. However, many awareness providers or solutions are not able to cover the requirements of the customers. We list and summarize common weaknesses of security awareness providers and practical steps (bigger) organizations can take to address them.
The Marks & Spencer Cyber Attack shows it. Large companies with complex organizations, many languages, multiple LMS systems, heterogeneous metadata landscapes and high process variance need cybersecurity awareness solutions that are designed to meet such challenges. Otherwise, employee awareness of cyber risks will degenerate into a farce or there is a risk of group-wide failure.
The similarities and differences are impressive – in our irregular series ‘The biggest cyber heists’, we look at the biggest cyber heists in history. Today’s post analyzes the bybit, MGM and Sony hack. We summarize what happened, how it happened, who noticed it, what damage was done and what the consequences were. We then examine what measures would have been useful to counteract this and whether something could have been done with more vigilance.
