Key Risk Conversations to Have With Your Board and Investors

What about the risks in the data supply chain? It isn’t unusual for a startup to store its data with a cloud service provider. But have these providers been thoroughly vetted? Do they have multiple layers of security to protect data?

What about internal data leaks, which can be either malicious or accidental? Has the startup established strong policies, procedures, and controls to protect itself? The strength of cybersecurity measures is directly proportionate to the health and well-being of a business.

Supply Chain Risks

When companies start out, they usually focus all their time and energy on their core operations. So, it makes sense to outsource non-core functions such as recruitment, PR/marketing, and sometimes, product testing and IT infrastructure management.

Yet, as with anything else, outsourcing has its risks. A supplier may fail to deliver up to standards. A crisis may disrupt the supplier’s operations. Worse still, a supplier may steal its customer’s intellectual property.

The board will want to know if a startup has researched its suppliers thoroughly. Has it validated supplier qualifications with industry authorities? Has it checked what kind of insurance the supplier has—be it professional liability insurance, public liability insurance, or general liability insurance?

Insurance certificates also need to be inspected to ensure that they provide a sufficient level of coverage, so that if the supplier suffers a failure, the losses don’t ripple out to its customers.

Reputation Risks

The horsemeat scandal, the Gulf of Mexico oil spill, a musician’s viral YouTube rant against United Airlines customer service, a massive data breach at Adobe… these incidents might seem completely unrelated. But all of them caused significant reputational damage to the companies involved.

A startup’s reputation is one of its most valuable assets. It determines how the business will be treated by investors, shareholders, customers, and partners. A good reputation takes years to build, but just a moment to crumble—especially in today’s hyper-connected and socially networked world, where the news of a failure at a company can spread like wildfire.

Reputational risk comes in many forms—regulatory non-compliance, supplier issues, bad customer experiences, cyber attacks, and more. A startup might not be able to control all these risks, but it can definitely identify its biggest vulnerabilities, and prioritize its reputational risks accordingly. It then becomes easier to mitigate these risks.

Taking the Risk Conversation Forward

Most risks are identifiable and manageable. But the key to effective risk management is collaboration—the board and management team need to have regular, creative, and practical discussions about the risks facing the business in order to ensure that the right focus and resources are being applied. Organizations that do this display a high level of risk maturity—which is always a good sign to investors.

Author: Shellye Archambeau

Ms. Archambeau is the CEO of MetricStream, a Silicon Valley-based Governance, Risk, Compliance (GRC) and Quality Management software company that helps companies around the world improve their business performance. Under Ms. Archambeau's leadership, MetricStream has grown into a recognized global market leader with over 1000 employees around the world. The company has been recognized for growth and innovation, and has been consistently named a leader in GRC by leading independent analyst firms. Ms. Archambeau has proven global business expertise combined with public policy passion. As a member of the board of directors for the Silicon Valley Leadership Group, a nationally recognized organization focused on fostering a cooperative effort between business and government officials to address major public policy issues affecting Silicon Valley, Ms. Archambeau has led initiatives and Washington, DC delegations to address regulatory compliance and improve governance. She served on the Board of Directors and the Audit and Technology committees of media research company Arbitron, Inc. [NYSE: ARB] from 2005 until it was acquired by Nielsen in 2013. She currently serves on the board of directors of Verizon Communications Inc. [NYSE, NASDAQ: VZ], a global leader in delivering broadband and other wireless and wireline communications services. Ms. Archambeau is a sought-after speaker who has presented on GRC issues around the world to Fortune 500 corporations, members of Congress, and associations including IIA, ISACA, and NASDAQ. Ms. Archambeau is frequently quoted in top-tier media, including the Wall Street Journal, New York Times, Compliance Week, and Silicon Valley Business Journal, and currently pens a column on leadership and entrepreneurship for Xconomy. In April 2013, Ms. Archambeau was named the “#2 Most Influential African American in Technology” by Business Insider.