Shared 15 October, 2024
Ed Bartlett is a seasoned veteran of three technology start-ups.
Through his past ventures, Bartlett got first-hand experience with how security compliance and Governance, Risk, and Compliance (GRC) can be game changers for tech businesses seeking funding or preparing for an exit. This journey led him to his current position as a CEO at HiComply.
Drawing from his personal journey with his previous venture, Kykloud, Bartlett shared clear insights into the importance of seizing the low-hanging fruit of compliance to:
The Tech World’s Wild Ride
Bartlett likens the tech industry to a rollercoaster – thrilling, occasionally terrifying, but always exhilarating.
In the early days of Kykloud, the team was so laser-focused on crafting the perfect product that they nearly overlooked the critical aspects of security and compliance. “It was like trying to build a house without a foundation,” Bartlett muses. “Sure, it might look great from the outside, but one strong gust of wind and the whole thing could come tumbling down.”
This oversight is particularly relevant for technologies delivering solutions in data-heavy and regulated industries such as real estate, insurance, finance, biotech, and healthcare.
Show Me the (Secure) Money: The Investor’s Perspective
Investors in the tech space are becoming increasingly savvy. They’re not just looking for the next shiny app or platform; as Bartlett explains it, they’re seeking businesses with their house in order – and by “house,” he means their security and compliance infrastructure.
The Due Diligence Dance
Bartlett paints a vivid picture: You’re in a boardroom, pitching to a group of investors. You’ve nailed your product demo, your financials are solid, and you’re feeling pretty good about yourself. Then, one investor leans forward and asks, “So, tell me how strong is your information security posture?” Suddenly, you feel like you’re back in school, facing a pop quiz you didn’t study for.
This scenario is becoming more common in the tech world. Investors want to see that you’re not just building a great product, but that you’re also protecting it – and your customers’ data – like Fort Knox.
Preparing for the Big Day: The Exit Strategy
When it comes to investment and exits, having a robust security compliance and GRC framework in place can make all the difference. Whether you’re aiming for the next funding round, an acquisition, or an IPO, being prepared is key.
As Jeremy Gristwood, VP of Global Business Operations at Investorflow, states, “Infosec and being ISO 27001 certified is right up here on the to-do list when it comes to being exit ready, the sooner you start the preparation, the better.. it’s no longer an option,… it’s essential”.
Bartlett’s network of investors also agree that information security and ISO 27001 compliance are among the most heavily focused areas during investor due diligence. “It’s going to catch a lot of companies out,” he warns, noting that buyers can spend as much time on due diligence of information security as they do on the product itself.
Drawing from his own experience, Bartlett recalls the sale of Kykloud to Accruent.
“One of the things that smoothed the process was our focus on security and compliance,” he reflects. “It’s like dating – you want to put your best foot forward, and nothing says ‘I’m a catch’ quite like a well-implemented ISO 27001 certification.”
The ROI of GRC: More Than Just Ticking Boxes
However, implementing a solid GRC (Governance, Risk, and Compliance) framework isn’t just about pleasing investors or acquirers – it’s about building a stronger, more resilient business.
According to an IBM statistic, the average cost of a data breach in 2020 was £2.9 million. “That’s not pocket change, even for the most well-funded tech firms”.
Your GRC Wingman: The Hicomply Solution
At Hicomply, Bartlett and his team have created a platform that makes achieving and maintaining security compliance as painless as possible. The system does all the hard work for you, so that you seize the low hanging fruit quickly and effective. Procedures are prebuilt and customised to your company’s needs, and these have achieved 100% pass rates for the company’s existing clients.
He likens it to a GRC wingman, helping navigate the complex world of information security management.
Secure by Design: The Future of Tech Firms
Looking ahead, Bartlett predicts that GRC will play an even more significant role in funding strategies. He anticipates investors will place greater emphasis on startups that can demonstrate:
A Call to Action
As Bartlett wraps up his insights, he challenges his fellow technology pioneers to take a hard look at their security and compliance practices.
“Are you ready for that investor meeting?
Could you confidently navigate an acquisition process?” he asks.
“If not, it’s time to step up your game.”
Here’s what tech firms can expect from this:
Bartlett leaves us with a thought-provoking analogy: “In the tech world, your product might be your castle, but your security and compliance framework are your moat. Make sure it’s deep, wide, and filled with metaphorical crocodiles.”
It’s clear that building trust through robust security measures is just as crucial as creating innovative technology. And as he aptly puts it, “Your investors (and future acquirers) will thank you for it.”
Join our community of 200,000+ real estate leaders and get weekly insights and updates with our newsletter.
