I am working with large corporations as well as with startups on cloud security. Interestingly, I talk to many financial organisations that procure services from small (SaaS) companies. Fintech is a fashionable word for that these days.
Although I already see both sides, what I am trying to get is a broader perspective on is what IT risks small companies are taking (in their own view as well as their clients view).
Not surprisingly, this will be input to a potential product that I intend to develop for that market. I can share a URL on the idea, if so encouraged (i dont want to pitch it here, just get input).
So the question then is: what obstacles do startups and the like face in doing and demonstrating proper IT risk management?