Five Eyes Alliance Joins Forces to Protect Startups from Cyber Threats

The Five Eyes alliance, comprising Australia, Canada, New Zealand, the United Kingdom, and the United States, has launched a new initiative to bolster cybersecurity in IT startups. Known for their close intelligence coordination, these nations aim to shield innovative companies from intellectual property theft and other cyber risks.

At a summit in October 2023, coalition members identified key risks posed by Chinese hackers and formulated five foundational principles for business protection. The recommendations are intended to raise startups’ awareness of cyber threats and propose concrete preventive measures.

Core Cybersecurity Principles

• Understanding Threats: It is essential to identify vulnerabilities that could jeopardize development and business operations.
• Protecting Business Processes: Responsibility for cyber risk management should be designated by appointing a security leader at the board level.
• Embedding Security in Products: Security measures should be integrated at the design stage to minimize vulnerabilities and safeguard intellectual property.
• Verifying Partners: When collaborating with third parties, ensure their reliability and ability to secure shared data.
• Accounting for Growth Risks: Startups should consider cyber threats as they expand teams and enter new markets.

A year later, the coalition presented new resources detailing practical ways for startups to implement these principles. The materials vary in form and content, reflecting each country’s approach.

The UK released an infographic, while Canada prepared a guide for technology investors. New Zealand developed a handbook with step-by-step incident response instructions. The US introduced five documents, including one with recommendations on data protection during international travel, advising remote data wiping capabilities, encryption, and carrying only essential data on business trips. Australia published a document titled Secure Innovation Placemat.

The variety of materials reflects each nation’s unique approach, yet all share a unified goal: to provide coordinated guidance that accounts for the global nature of startups and cyber threats.

Despite the coalition’s efforts, experts note that cybersecurity is often neglected in the fast-paced growth environment of startups. The “move fast and break things” culture popular in the startup sphere can hinder the adoption of these guidelines. Past security challenges in companies like Uber, Lyft, GitLab, and OpenAI demonstrate that checklists and instructions alone are insufficient to prevent complex incidents.