01-08-2025
Startups Can't Afford to Ignore Cybersecurity: Interview
Home » Startups » Startups Can't Afford to Ignore Cybersecurity: Interview
Fresh off an award win at GISEC North Star 2025, TECHx Media spoke with Vivek Chandran, CEO of RISKNOX Private Limited, for an interview featured in the recent June–July 2025 edition of CodeRED. In this conversation, he explains why cybersecurity has become a survival issue for startups. Size and speed no longer guarantee success. As cyberattacks grow more sophisticated, even early-stage startups are in the crosshairs. Once dismissed as too small to target, they now face the same threats as global enterprises.
To understand what's at stake and what emerging businesses should do, Vivek brings a grounded, tactical view of the evolving threat landscape and how startup leaders can survive and thrive in 2025 and beyond.
What are the top cybersecurity threats that startups should be most concerned about in 2025 and the coming years?
The cybersecurity threat landscape isn't what it was even five years ago, it's evolving constantly. That's the first thing startups need to understand: it's not a static problem. The tools and tactics used by cybercriminals change every few months, if not weeks.
If I had to pick the top three threats right now, AI-enabled cyberattacks would top the list. We're seeing a rise in sophisticated attacks powered by artificial intelligence, from deepfake phishing to automated vulnerability scanning and exploitation. These are faster, more adaptive, and harder to detect than traditional threats.
Second, and this may surprise some, is human negligence. It's not a 'threat' in the classic sense, but it's often the root cause of security breaches. You can spend millions on tech, but one employee clicking the wrong link can still bring the system down. Humans remain the weakest link.
And third, phishing is still a huge problem. It's old-school, but highly effective. Startups are particularly vulnerable because they often lack the infrastructure to detect and respond to social engineering attacks quickly. Phishing doesn't need to be advanced to be dangerous, it just needs to be convincing.
How has the cybersecurity landscape changed over the past five years? What trends should startups keep an eye on?
The past five years have been transformational. The biggest disruptor has been AI and, again, it's a double-edged sword. AI is helping us build smarter, more efficient cybersecurity tools that automate detection and response. But on the flip side, attackers are using the same AI to supercharge their campaigns.
Another major shift is that every new technology introduces new vulnerabilities. AI, blockchain, IoT they all come with their own security challenges. And often, organizations adopt these technologies faster than they can secure them.
Finally, governmental and regulatory forces are playing a bigger role. From GDPR to CCPA and now the Cyber Resilience Act, we're seeing a global trend toward mandatory cybersecurity compliance. This is actually a good thing it forces businesses to maintain at least a minimum viable security posture.
Should cybersecurity be a legal responsibility for startups, or is that too ambitious at an early stage?
In an ideal world, yes, cybersecurity would be a legal responsibility for every business, regardless of size. But in the real world, especially for startups, it's complicated.
Startups often don't have the budget or the team to build a full-fledged cybersecurity framework. As a founder myself, I know how tough it is, cybersecurity can feel like a luxury when you're trying to stay afloat. But that doesn't mean startups are off the hook.
What I believe and advocate is a shared responsibility model. Cybersecurity shouldn't be one person's job. Everyone, from founders to interns, should be aware of the basic principles of digital safety. Startups may not be able to do everything, but they can start with the basics: secure passwords, multi-factor authentication, data access control, and regular backups. These don't cost much but can go a long way.
How do global data regulations like GDPR, CCPA, and the Cyber Resilience Act shape the way startups operate?
They're reshaping the mindset and that's crucial. A few years ago, cybersecurity was often viewed as a luxury. Many smaller companies thought, 'Why would anyone target us?' That thinking no longer holds.
These regulations are forcing accountability. They're saying: If you're collecting user data, you're responsible for securing it. No exceptions. And that accountability builds trust not just with regulators, but with customers.
What these regulations have done is establish a baseline culture of cybersecurity. Even if a company isn't directly under the purview of something like GDPR, they often adopt the practices anyway to future-proof their operations. This is especially important as startups scale globally.
Do you believe governments should impose stricter cybersecurity regulations on startups, or offer more support instead?
Support first, regulations later. Imposing strict rules too early can backfire. Startups, already stretched thin, might try to find workarounds just to stay in business.
What governments should do instead is invest in capacity-building offer grants, training programs, and subsidized tools. Help small businesses adopt best practices without breaking their budgets. Once there's a baseline maturity in the ecosystem, then phase in stricter compliance rules.
This layered or phased approach is more sustainable and more effective in the long run.
There's talk of a cybersecurity talent shortage. Is it really that hard to find skilled professionals?
There's no shortage of interest but there is a gap between certifications and real-world skills. Many candidates have credentials but lack hands-on experience.
Startups, in particular, need practical problem-solvers, not just textbook experts. What we need more of are experiential learning platforms, internships, cyber ranges, environments where people can learn by doing.
For founders, my advice is to hire based on potential and adaptability. You might not be able to compete with tech giants on salary, but you can offer learning, autonomy, and purpose, which many securities professionals' values just as much.
If you could give one piece of cybersecurity advice to every new founder, what would it be?
Don't let lack of budget stop you from doing something.
There are tons of free and low-cost resources out there from SANS to OWASP to NIST guidelines. You can absolutely build a minimal, but meaningful, cybersecurity foundation even if you're bootstrapping.
Treat cybersecurity like any other critical function, your dev team, your HR, your marketing. It's not optional anymore. Even a basic security hygiene culture can drastically reduce your risk.
Do you think cybersecurity will eventually be seen as a fundamental utility, as essential as electricity or water?
Without a doubt. We already rely on digital infrastructure for everything, finance, healthcare, transportation, energy. If any of these go down due to a cyberattack, the consequences are devastating.
Cybersecurity is no longer just about protecting data. It's about protecting lives and national security. We're also seeing how cyber warfare is becoming a central strategy in geopolitical conflicts.
So yes, cybersecurity will and should, become a default layer of modern society. It's the new electricity. Invisible, but absolutely essential.
Vivek Chandran's message to founders is clear: cybersecurity is a necessity, not a luxury. Startups may face budgetary and staffing constraints, but that's no excuse for ignoring the risks. From AI-driven threats to phishing scams and regulatory pressures, the cyber battlefield is real, and unforgiving.
Fortunately, knowledge is power. And as Vivek points out, the tools to get started are already out there, many of them free. For founders in 2025, the goal isn't perfection, it's proactive protection
