You’re really excited by your new project, and have only one idea in mind: the launch and success of your new web application.
Your concept is indeed awesome but you’re afraid that someone else has the same idea and markets a similar product before you. So you run fast, work hard with your team (or alone…) and do your best to finish everything as soon as possible: your market analysis, the funding, the design, mock-ups, the development… everything you need for the web application to work fine, to be ergonomic, and you launch, at last!

And security? 
“no we don’t have time for this right now”,
“no it’s a little bit early for us”,
“we can’t lose time on this right now”

5 reasons to invest in security - illustration

So many reasons to work on this later, right?  So many reasons that you will completely forget about it, since when your new website is launched you now have many other things to do: work on some improvements, work on new features, advertise, and so on an so forth.

Here are reasons why you must care about security for your brand new web application:

1. In any IT project, security must be thought during the design phase

That’s the number one rule in IT projects and particularly on web projects, really exposed to external threats: Security must be included in the technical design.
If you don’t do this, you fail. Recovering from a security incident, brand damage, downtime, is really more expensive than investing in security.

2. It’s cheaper to make something secure right from the beginning vs. rework

In terms of software development, the cost of security is almost like the cost of bug fixing: the sooner, the cheaper.
Some security breaches are quick and easy to fix, but some can be very painful.
Let’s assume that your passwords system is weak. You’ll have to modify the algorithm that manages authentication, maybe the way you manage password recoveries, perform some modifications on existing data, have your website on a maintenance mode…
Detecting a vulnerability on your website after a few months of activity can be quite boring, but detecting it before you go live is easier to manage.

3. Your investors will appreciate you care about security

With all the security scandals and breaches we are seeing these days, the web is not fully reassuring, especially when you put a lot of money in it.
Setting aside time and resources for security is necessary and will make your potential investors more confident, and maybe you by the way. By knowing you invest on security for your project, they will also feel their investment will be less risky.

4. Your clients, customers, consumers will trust you

Users of your web application are probably not all security experts (though some might be…). However if you don’t follow basic security requirements, many of them will be able to see it. Recent studies show that users pay more and more attention to security and are looking for some indicators, like HTTPS signs or security seals.
Your business logic must also be safe and since a significant part of it will be reflected in the user journey and processes your users will have to follow, a weak security policy will be visible and you will not gain the confidence of your users. If you want your customers to come, return, buy, recommend, then do the necessary efforts to build trust.

5. Reduce risks

You’re probably aware of risks and threats: data theft (consumer data or your own data), brand damage, consumer attacks, internal network attack through your website, malwares… and the list goes on.
You know threats exist, but maybe you think your business is too small to be noticed by hackers. However they use automated tools to detect some vulnerabilities and then move forward with manual attacks.
Even if small, you’re not safe and when you start growing, you become a target of choice. Also be aware that no type of industry is immune.

What you need to do:

  • create a security plan
  • think “security” during the technical and functional design
  • make code reviews
  • run penetration tests; automated tools are not efficient enough, but can help.

More? Have a look at this article “10 ways to make your web application more secure
Security is good for business, don’t forget this.