Startups are facing unprecedented breach risks; on average, 1 in 4 startups have reported a breach in the past 24 months. APIs now account for 40% of the attack-area for web-enabled Apps. APIs powering micro-services and modern UI frameworks, such as Angular or React, possess even higher risk at 90%.
Most startups in regulated industries require periodic security audit reports. Internal Sales, B2B customers, and partners continuously ask for security reports, which are usually the CTO’s responsibilities.
If the software is central to the business model, CTOs may serve as, or along with. the CIO on the executive committee, i.e., CTOs should take on the security responsibility as soon as possible to strengthen their role as a product and as a data security champion.
CTOs usually lead software development and availability efforts. It is expected that they take initiatives for data protection efforts as well.