In the third webinar of the Cybersecurity Essentials for Startups series, hosted by The Top Voices, leading information security expert Ilia Dubov shared how startups can turn their teams into the most reliable line of defense — by building a strong cybersecurity culture from day one.
Speaker
Ilia Dubov is the Head of Information Security and Compliance at Kaspersky. With over 11 years of experience in the field, he brings deep expertise in implementing sustainable security practices — even in resource-constrained environments and without a dedicated security team.
The Human Factor in Cybersecurity
According to recent data, over 90% of cyberattacks begin with phishing, 60% of breaches involve human error, and companies around the world lose approximately $17,700 every minute to such incidents. These figures highlight a simple truth: even the most advanced technical defenses become ineffective if people are not engaged in security practices. Mistakes such as sending sensitive data to the wrong recipient, clicking on suspicious links, or reusing weak passwords create entry points that attackers are quick to exploit.
Cybersecurity is no longer the sole responsibility of the IT department — it’s a shared responsibility across the entire team. Building a culture of security awareness is the only sustainable way to reduce human-related risks and empower every employee to become an active participant in protecting the company.
What Is Cybersecurity Culture and Why It Matters
Cybersecurity culture is not just a set of rules — it’s a system of habits, mindsets, and behaviors shared across the entire company. It is reflected in how people make decisions, use technology, exchange information, and respond to potential threats. At its core, cybersecurity culture means individual responsibility, proactive behavior, and strong leadership support. When employees are regularly trained, follow secure practices in their daily work, and feel safe speaking up about suspicious activity, security becomes part of the company’s DNA.
Why does this matter? A real-world example makes it clear: in 2016, an employee at the Austrian company FACC received a phishing email that appeared to come from the CEO, requesting a €42 million transfer. The employee trusted the request and processed the payment. As a result, the company lost the money and later dismissed its top executives. One convincing message — and the absence of a culture that empowers employees to question unusual requests — led to a massive loss.
Cybersecurity culture isn’t about control — it’s about awareness and collective resilience. And more often than not, it’s what determines whether a mistake becomes a full-scale incident or gets stopped in time.
How to Build a Cybersecurity Culture in a Startup
Even with limited resources, a startup can establish a strong cybersecurity culture from the outset. It begins with the right mindset: when leadership visibly prioritizes security and models responsible behavior, it sets the tone for the entire team.
Cybersecurity should be integrated into onboarding. From day one, employees need to understand the key risks, basic security principles, and the steps to take if they encounter suspicious activity. Open internal communication channels allow team members to raise concerns and share observations without hesitation, enabling faster detection and response.
When security-conscious behavior is recognized and becomes part of daily team dynamics, it naturally evolves into the organizational norm. This creates a sense of collective responsibility and resilience — without the need for constant oversight.
Embedding secure practices into daily operations — whether in finance, product development, or communications — ensures that security becomes a seamless part of how work gets done. This level of integration helps startups mitigate risks and build long-term readiness against evolving threats.
Conclusion
Building a cybersecurity culture is an investment in people. Startups that establish a security-aware mindset from the very beginning create a strong foundation for protection, reinforce customer trust, and minimize risk. A well-established security culture is one of the most scalable and cost-effective assets a company can develop.