Cybersecurity: A Growing Necessity for Startups and Businesses

In today’s digital landscape, cybersecurity is a critical priority for organizations of all sizes. From startups to companies across various sectors, the need to protect sensitive data and maintain operational continuity has never been more important. Experts from Cresco, Secutec, and the Port of Antwerp-Bruges emphasize the importance of proactive cybersecurity measures, awareness training, and collaboration to safeguard systems from evolving cyber threats.

The Illusion of Invulnerability

One of the most dangerous misconceptions in cybersecurity is that smaller companies or specific sectors aren’t at risk of being targeted. Geert Baudewijns, founder and CEO of Secutec, explains, “Many businesses, especially smaller ones, believe that they’re too insignificant for hackers to notice. But hackers don’t discriminate by size – they assess the security measures in place at a company. “A company with lower value but weak protection is more likely to fall victim than one with stronger security, even if it holds greater value."

Similarly, Yannick Herrebaut, Cyber Resilience Manager and CISO (Chief Information Security Officer) at the Port of Antwerp-Bruges, highlights that the increasing complexity of the port’s interconnected systems makes it an attractive target. “Cybersecurity isn’t just about protecting one system. It's about securing the entire network that spans multiple stakeholders, from shipping companies to government agencies,” he explains. “An attack on one system can quickly ripple through the whole operation, affecting everyone. Luckily, we've made sure that there are no unnecessary connections between systems, avoiding weak links.”

At Cresco, Managing Partner and Technology lawyer Olivier Van Raemdonck warns that many startups share this false sense of invulnerability. “The idea that they’re too small to be a target is misguided. Cybercriminals target everyone, and failure to invest in security can have devastating consequences, especially for companies handling sensitive client data,” he says. “Furthermore, startups and scale-ups are sometimes targeted specifically because they process data of larger, better secured companies, and cybercriminals tend to go for the path of least resistance."

Proactive vs. Reactive Approaches

As businesses become more digitally dependent, cybersecurity must shift from a reactive measure to a proactive one. Baudewijns notes that although technology has improved, many businesses still take a wait-and-see approach. “Companies often don’t invest in cybersecurity until they’ve been attacked, but by then, the damage is often already done.”

Herrebaut emphasizes the importance of a proactive approach, where risks are minimized before an attack occurs. He states: "That’s also the idea of a proactive approach, where we try to prevent things as much as possible. And not just act when it’s too late."

This proactive mindset is echoed by Van Raemdonck, who highlights the regulatory side for startups. “With rising legal requirements like GDPR and NIS2, it’s not just about protecting data – it’s about being prepared for compliance audits and preventing fines,” he explains. “By proactively addressing cybersecurity, startups avoid costly setbacks in both legal and operational terms.”

The Cost of Cyberattacks

The financial and reputational cost of a cyberattack can be devastating, particularly for smaller businesses. Baudewijns points out that an attack on a company with fewer than 100 employees can cost between €100,000 and €150,000. “This doesn’t even include the longer-term effects, such as damage to your reputation and loss of customers,” he adds.

Herrebaut agrees that the risks are substantial, particularly for large organizations. “A cyberattack on a port like ours could disrupt the global supply chain, leading to massive financial losses,” he explains. “It’s essential to ensure that our defenses are in place to prevent such an event from happening.”

The repercussions are not just financial – trust can also be undermined. Van Raemdonck adds, “When a company’s data is breached or a system goes down, customers lose confidence. Rebuilding that trust can be even more expensive than the initial attack itself.”

The Role of Employees and Awareness

A critical element of any cybersecurity strategy is the human factor. Both Herrebaut and Baudewijns stress that employees must be educated about the risks and their role in preventing cyber incidents. “At the Port of Antwerp-Bruges, we invest in regular training to ensure everyone from top management to operational staff is aware of the threats and how to protect themselves,” Herrebaut says.

Baudewijns echoes this sentiment, explaining that many businesses overlook the knowledge gap within their teams. “IT departments may not be growing as fast as the technologies they need to defend against,” he notes. “That’s why training is key – just like accountants must stay updated on laws, IT professionals must stay informed about the latest cybersecurity threats and solutions.”

Van Raemdonck also sees the importance of building a culture of awareness, especially in startups. “Small businesses often focus on growth and innovation but neglect their cybersecurity culture,” he says. “Employees must be trained not only on technical defenses but also on how to recognize phishing attempts and other social engineering tactics.”

Collaboration and Compliance

Cybersecurity is not an isolated effort; it involves collaboration across teams, industries, and even countries. The Port of Antwerp-Bruges’ cybersecurity strategy relies heavily on working with various stakeholders. “We collaborate with shipping companies, logistics providers, and government bodies to strengthen our defenses,” Herrebaut explains. “Cybersecurity is a shared responsibility, and we all need to be engaged.”

For startups, Van Raemdonck highlights that cybersecurity is increasingly part of business partnerships and legal obligations. “Companies are expected to meet certain cybersecurity standards before entering into agreements with clients. This has been the case for larger clients for some time. However, we notice that smaller suppliers and customers now have the same expectation, as they are also required to comply with cybersecurity regulations and request contractual guarantees,” he says. “By addressing cybersecurity proactively, startups ensure they meet these expectations and remain competitive in the market.”

At Secutec, Baudewijns believes that collaboration extends beyond individual businesses to the broader digital ecosystem. “We monitor the dark web for potential threats and share information with our clients to help them stay ahead of attackers,” he explains. “Cybersecurity isn’t just about securing your own company – it’s about being part of a global effort to protect everyone.”

Ultimately, cybersecurity must be viewed as a core part of business strategy, not just a technical necessity or an afterthought. From startups to large businesses, the need for solid, proactive cybersecurity measures is clear. As the threat landscape continues to evolve, businesses must remain vigilant, invest in the right technologies, and foster a culture of awareness and collaboration.