Held in late January 2026, sTARTUp Day—the largest business festival in the Baltics—once again brought the startup community together, with more than 3,000 attendees over three days of inspiration and networking. Known for its impressive scale, the festival features multiple stages, a massive demo area, pitching competitions, seminars, intense matchmaking, and various side events.
On the first day of the festival, Mari Seeba (representing the CHESS project, University of Tartu, and RIA) conducted a practical seminar focused on the shifting landscape of cybersecurity.
The seminar, attended by nearly 30 participants, highlighted a crucial trend: cybersecurity is no longer just a technical IT issue—it has become a matter of business strategy and organizational procedure. To truly understand a company’s security status, its posture must be assessed. Mari presented the results of her PhD research, which is currently in its final stages. Her work addresses exactly this challenge: how to measure security levels across vastly different organizations, from early-stage startups with low security maturity to established enterprises, in a comparable way.
Based on Mari’s framework for security level evaluation (F4SLE), a software solution called MASS was developed and tested during the CHESS project. This tool enables benchmarking with minimal privacy risks. It offers a low barrier to entry and ensures that detailed security data never leaves the respondent’s possession. However, it still allows for the central collection of aggregated data, enabling participants to benchmark their results against others and facilitating state-level analysis.
The audience received practical tips for measuring their security posture. One attendee reflected on a major shift in mindset: “We can no longer blindly trust service providers. We must deal with security topics ourselves, and cyber hygiene training for business-side employees has become a priority, even in the startup world.”
The group also discussed the myth that cybersecurity vocabulary is too complex. Participants noted that business teams are quick to adopt complex terminology for new technologies (like AI) when it suits them, yet often shy away from security vocabulary. Therefore, the barrier isn’t the difficulty of the words, but rather motivation and security culture.
The growing importance of the cybersecurity topic is evident in the numbers. Six years ago, a similar security seminar during sTARTUp Day attracted only 5 participants. Today, interest has multiplied, specifically among business leaders rather than just technical staff. This growth is particularly notable given that the seminar was competing with parallel sessions on highly popular topics such as marketing and AI.The presentation slides from the seminar are available here: https://chess-eu.cs.ut.ee/presentations/
* Photos by Silver Gutmann, Reigo Teervalt, and Kiur Kaasik (edited)