Funding in a bear market entails a focus shift from hype to the hard facts of business. According to Crunchbase statistics, North American venture investments declined by 37 per cent in 2023.

This can be attributed to wariness in general. During this period, investors remain vigilant around startups. Despite still having money to invest, there is now a push towards resilient businesses with models and growth trajectories.

Similarly, as noted by an investor, Trace Cohen, an economic downturn sees investors “…investors…are on the lookout for resilient companies that can weather economic downturns”.

In essence, investors today prefer startups whose profitability prospects, revenues, and capital plans are compelling for funding, which are companies that will thrive even when economies are stagnant or dropping.

Back to fundamentals: Profit and revenue growth

For instance, whereas in a bull market, investors were mainly seeking growth, and growth only, in a bear market, no matter how good a growth prospect is, it is not enough for profitability, and good business models are the key. Indeed, as one analysis points out, VCs have “put[ a] laser focus on profitability and the sustainability of startup business models when making investments”.

The importance of profitability is further underscored by Erika Knierim, startup attorney, as she says, “In a bear market, investors seek out businesses with robust value propositions and clear paths to profitability”.

In other words, will this startup actually survive or even prosper without its limitless access to investment dollars? Founders should emphasise their actual revenue earned. No more impressing with meaningless metrics like “users” or huge numbers thereof.

Pitch decks now must demonstrate “How do you make money? And why will people pay you for it?” Investors will be looking at current or near-future revenue generation and strong profit margins. In down markets, “cash is king.” Firms with more cash and greater runway demonstrate better financial management.

Capital efficiency and runway

Closely related to this is capital efficiency. Investors these days ask startups to make every dollar count. “Investors favour capital-efficient companies,” says venture advisor Lance Cottrell, because any startup that burns huge amounts of money before reaching market may die if more funding dries up. In a bear market, VCs expect longer runways, often 24 to 36 months of cash, to avoid raising in a down cycle.

This forces founders to either raise more money at the cost of diluted equity or cut expenses and growth plans. Investors reward startups that can do more with less, such as outsourcing production or focusing on minimum viable features.

As Knierim puts it: “Cash is king in a bear market…Investors will appreciate a lean operation that maximises capital efficiency”.

Also Read: Seizing opportunities: Accelerators as a strategic choice in bear markets

Revenue traction and growth metrics

Of course, profitability is important, but there is also growth momentum. So, investors will be interested to know that a startup’s product is gaining traction and users at a good rate.

However, unlike earlier, today there is a need to demonstrate this growth momentum through financial metrics. For example, revenue growth rate, retention, etc., are some of the aspects that VC investors focus on.

Within pitches, it seems that slide decks have become slightly less detailed, particularly when it comes to a now-at-times included mini “why now” market section, as TechCrunch has reported that entrepreneurship has shifted focus to time and traction for attracting investors.

Within industries that are currently favourable, pitches for startups within categories such as AI, fintech, and climate technology can use the support that comes from being within a popular sector. However, within such an industry, investors still expect to see data: “Many seed-stage startups…raise capital by reaching out to fewer than 50 investors.”

Strong team and execution ability

Investors will naturally look at the team; in a bear market, the founding team may be the deciding factor. VCs will take more risk in a bear market, but value experience in the founding team in terms of execution or in the field when the risk is higher in a bear market. The VCs will ask hard questions about the founding team and the way the company has advanced. Cottrell believes founders should welcome those hard questions.

The fact that one has the right calibre of staff and mentors helps reduce uncertainty among investors. Furthermore, being able to demonstrate your startup skills, like being able to pivot or reduce costs while keeping the company alive, helps.

As one expert says, “VCs are looking more and more for companies ‘built to last’ with strong balance sheets and contingency plans. If your team can confidently communicate their milestones, spend, and projections, this helps build trust.”

Market opportunity and differentiation

Even in a market downturn, market opportunity does matter. Investors fund only startups that solve pressing problems or have an advantage over their peers. During periods of scarce funding, competitive differentiation, technology, partnership, or focus on a niche becomes critical.

For instance, focusing on a specialised market segment today can help a pitch stand out in a crowd. Startups with unique IP, regulatory barriers, or locked-in customer contracts could justify valuations even in a bear market.

Also Read: Thriving when markets tank: Strategic lessons from history’s bear cycles

Importantly, investors assess the size of the addressable market differently now: they prefer defensible markets over just big ones. A large but fractured market may be less attractive than a small market that a startup can dominate. As one VC advises, “be very clear on your end-user and why they will pay now”.

Realistic valuations and terms

Overall, valuations are generally lower during a bear market, and terms are tougher. Founders can expect more serious due diligence and a term sheet reflecting the situation at this point in time.

According to Moonfare’s analysis, startups are often facing “down rounds” and more burdensome deal terms in this environment; investors may demand board seats or liquidation preferences and pay-to-play provisions.

While this might be painful for founders, taking a fair valuation now can preserve more equity in the long run. The key is pricing to market reality. As Robin Guo said, “Don’t raise based on ego, raise based on reality“. Set a pre-money valuation that reflects recent deals and your traction. An investor-friendly cap table today can pay dividends later when the markets recover.

Adapting fundraising strategy

Even startups must make some changes in their way of seeking funding. In an economic slowdown, it will take longer to raise the next round of funding. Hence, startups should focus on building relations. To do this, startups should reach out to investors frequently but briefly, attend every possible meeting in person, and reach out to a wider set of investors.

The founders should also consider alternative financing options, which include grants, as well as corporate investment or bootstrapping in extreme cases. As a matter of fact, every founder needs a ‘plan B’ for accessing funds.

As a seasoned entrepreneur states: “During difficult times, I am far more likely to invest in a company that will use my money to grow rather than one that uses it just to survive”. In simpler words, explain how you plan to use the finances for accelerating growth, as opposed to mere survival.

Conclusion

Funding is not easy in a bear market, although some startup opportunities will emerge depending on how well they fit into the new criteria set by investors. While a bear market is characterised as conservative, startups that offer value and cost efficiency, and have shown how returns can be achieved, will impress investors.

We’ve already learned that, for funders, the same basic principles that are important across any given market have now become non-negotiable. By focusing pitches around profitability, traction, and growth, founders signal that they get it. Ultimately, by doing so, they ensure that they will not only make it through this bear market but also come out even stronger when better times return.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. Share your opinion by submitting an article, video, podcast, or infographic.

Enjoyed this read? Don’t miss out on the next insight. Join our WhatsApp channel for real-time drops.

The post Funding in a bear market: What investors are looking for now appeared first on e27.

The post From hardware to trustware: How cyber passports will prove digital trust appeared first on e27.

Shadow IT used to be easy to picture. Someone signed up for an unapproved SaaS tool, stored sensitive data in it, and security found out later. That pattern still exists, but it is no longer the main story.

The bigger shift is shadow automation. Employees are quietly building automation pipelines across tools the company already uses, plus whatever glue they can access. The result is not a new “app” to discover. It is a new set of data flows and actions that execute inside your environment with limited oversight.

This is why insider risk feels different right now. It is less about a single person doing something bad, and more about ordinary productivity behaviour creating persistent, privileged pathways that no one owns end-to-end.

The new shape of shadow work

Automation has become the default way modern work gets done. People connect forms to spreadsheets, tickets to chat, CRM fields to email sequences, and alerts to on-call rotations. They do it because it saves time and reduces manual errors.

The problem is that the easiest path is rarely the safest path. A “quick workflow” is often built with broad permissions, long-lived tokens, and vague ownership. It runs quietly in the background, sometimes for years, long after the original creator has moved on.

Shadow automation is the same impulse as shadow IT, but with more leverage. It touches multiple systems at once, moves data automatically, and can trigger actions without a human present.

Why automation becomes an insider risk even without malicious intent

Security teams are used to controlling people. Policies, training, approvals, and monitoring are built around human behaviour. Automation bypasses that assumption.

A person can only export so much data in a day. A workflow can export continuously. A person might hesitate before sending sensitive information to an external destination. A script will do exactly what it was told, every time, even if the context changes.

The risk compounds when automation is created by people who are not thinking like engineers. They are not wrong for that. It is simply not their job. But it means basics like least privilege, error handling, logging, and key rotation are often missing.

When something breaks, it usually breaks silently. When something is abused, it often looks like legitimate API activity.

Also Read: Trust by design: Why cybersecurity is the new economic backbone

Where shadow automation hides

Most organisations still look for shadow IT through app inventories and procurement controls. That approach misses the reality of automation because the components look “approved” in isolation.

A workflow tool might be sanctioned. A cloud storage platform might be sanctioned. An internal API might be sanctioned. The risky part is the chain and the permissions that connect it all.

You see shadow automation in personal scripts scheduled on laptops or jump boxes, ad-hoc serverless functions created for a project, webhooks that forward data to external endpoints, and AI agents connected to corporate systems to “help” with tasks.

The common pattern is that automation inherits trust. It uses valid tokens, valid accounts, and valid access routes. That is exactly what makes it hard to see and easy to underestimate.

The blind spot security keeps stepping into

Traditional insider risk programs tend to ask, “Who accessed what?” Shadow automation forces a more uncomfortable question: “What is acting on our behalf, and under whose authority?”

That second question exposes gaps in ownership and lifecycle. Who is responsible when the workflow runs at 2 a.m.? Who gets the alert when it fails and retries? Who reviews its permissions when systems change? Who revokes access when an employee leaves?

If there is no clear answer, you do not have an integration. You have an unmanaged privileged actor.

What “good” looks like without killing momentum

The goal is not to ban automation. If you try, you will create the worst possible outcome: the same automation, but quieter and harder to govern. The goal is to make safe automation easier than unsafe automation.

Start by treating automation as an asset class. That means you maintain an inventory of workflows, scripts, agents, and connectors that can access sensitive systems. You do not need perfection on day one. You need a place where ownership and intent are recorded and can be reviewed.

Next, focus on identity, because automation is identity at scale. Most automation risk is permission risk. Reduce broad scopes. Avoid long-lived keys where possible. Prefer managed identities and short-lived tokens. Make sure every non-human identity has an owner and a reason to exist.

Then address data movement explicitly. In many environments, data is not lost because storage was insecure; it is lost because it was copied into the wrong place as part of a “helpful” workflow. Decide which data types are allowed to flow into which destinations, and enforce it at the connector level where feasible.

Finally, bring change control to the places where it matters. Critical automations should have versioning, basic testing, and a kill switch. Even if the automation is “no-code,” it still needs a lifecycle. The more business-critical the flow, the closer it should look to a software discipline.

The practical first-quarter plan

If you want to reduce risk quickly, do three things in the next quarter.

First, identify your top automation surfaces. Pick the tools and platforms where automations are most likely to exist, and require owners to register anything that touches sensitive data or privileged systems.

Second, implement permission hygiene for automation identities. Review high-privilege tokens and connectors. Remove legacy access that no longer has a clear business justification. Put an expiration expectation on credentials that currently live forever.

Also Read: Cybersecurity: The evolution from digital safeguard to economic governance

Third, improve detection by looking for automation patterns rather than user patterns. Pay attention to unusual frequency, unusual destinations, and unusual chaining across systems. The signal is often not “a weird login,” but “a normal call happening at an abnormal rate.”

The cultural piece everyone avoids

Shadow automation is also a trust issue. Employees automate because they are trying to be effective, and often because official paths are slow or unclear. If security shows up only as a blocker, people will route around it.

A mature approach treats automation builders as partners. Give them safe defaults, clear guardrails, and lightweight ways to get approval for higher-risk workflows. Create a path where someone can say, “I built this,” without fearing punishment.

That is how visibility improves. And visibility is the prerequisite for control.

Closing

Shadow IT was about tools. Shadow automation is about power. It turns everyday access into repeatable execution across systems, often with more privilege and less oversight than anyone intended.

If you want to modernise insider risk, stop focusing only on what employees install. Start focusing on what runs on their behalf. The organisations that do this well will not slow down innovation. They will make automation safer, more observable, and easier to trust.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. You can also share your perspective by submitting an article, video, podcast, or infographic.

The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of e27.

Join us on Instagram, Facebook, X, and LinkedIn to stay connected.

The post Shadow automation: The new insider risk appeared first on e27.

AI agents and chat interfaces are no longer limited to answering questions or recommending content. They increasingly act on behalf of users—approving transactions, scheduling actions, filtering information, and making decisions that once required human judgment. This shift is subtle but profound. When systems act for us, cybersecurity is no longer just about protecting data; it becomes about protecting trust.

When automation enters the workflow

In many organisations, AI agents are introduced to improve speed and efficiency. Customer support bots resolve tickets. Financial systems flag or approve transactions. Internal copilots summarise meetings and suggest decisions. At first, these tools feel like assistants. Over time, they become delegates.

The transition often happens quietly. A system that once suggested an action is now executing it. A chatbot that once escalated issues now resolves them autonomously. This is where the security conversation usually lags behind the product decision.

The moment trust becomes a concern

Trust issues tend to surface only after something goes wrong. A transaction is approved that should not have been. An automated message shares sensitive information. A system makes a decision that no one on the team can fully explain.

What makes these incidents different from traditional security failures is diffused responsibility. No single person made the decision. The system did—based on rules, models, and data pipelines built by multiple teams over time.

When users interact with AI through natural language, the system feels human. That perception increases trust, sometimes beyond what the system actually deserves. Users disclose more information. They question decisions less. Attackers understand this dynamic and exploit it.

Also Read: Hunters in the dark: AI agents and the cybersecurity trade-off

Accountability in machine-led decision

AI agents change how accountability works. In human workflows, responsibility is clearer. A person approves a payment. A manager signs off on access. With AI agents, decisions are distributed across models, prompts, APIs, and permissions.

When something goes wrong, teams often ask:

• Was it a data issue?
• A model behaviour?
• A prompt design flaw?
• Or a lack of human oversight?

From a cybersecurity perspective, this ambiguity is a risk. Systems that act autonomously require explicit accountability frameworks, not implicit trust in automation.

New risks introduced by chat interfaces

Conversational interfaces create security risks that traditional systems did not face. Natural language is flexible, ambiguous, and emotionally persuasive. This opens new attack surfaces:

• Prompt manipulation that bypasses safeguards
• Social engineering through AI-generated responses
• Over-permissioned agents that can act across systems
• Users mistaking confident language for correctness

Unlike classic software vulnerabilities, these risks are behavioural. They sit at the intersection of human psychology and system design.

Overconfidence in AI-driven systems

Founders and teams are often overconfident in AI systems because they appear intelligent. A system that explains its reasoning convincingly can mask uncertainty or error. This creates a false sense of security.

Overconfidence shows up when:

• Human review is removed too early
• Audit logs are minimal or absent
• Edge cases are dismissed as rare
• Security is assumed to be “handled by the model”

In reality, AI systems amplify existing risks if governance does not evolve alongside capability.

Also Read: Trust by design: Why cybersecurity is the new economic backbone

Different sectors, different expectations of safety

Expectations of safety vary widely across sectors. In fintech or health, users expect rigorous controls and clear accountability. In media or productivity tools, the tolerance for error is higher until trust is broken.

AI agents blur these boundaries. A general-purpose chatbot used in a low-risk context today may be embedded in a high-risk workflow tomorrow. Security assumptions must travel with the agent, not the use case.

Rethinking responsibility and risk

The key shift is not technical; it is conceptual. Teams must move from asking “Is the system secure?” to “Who is responsible when the system acts?”

This means :

• Designing AI agents with least-privilege access
• Keeping humans in the loop for high-impact decisions
• Logging not just actions, but reasoning paths
• Stress-testing systems for misuse, not just failure
• Training teams to question AI output, not defer to it

Security becomes a shared discipline across product, engineering, and leadership—not a downstream checklist.

One lesson for building teams with AI today

The most important lesson is simple: do not outsource trust to machines.

AI agents can act, decide, and communicate at scale—but accountability remains human. Teams that build secure, trusted AI systems are not those with the most advanced models, but those that design for scepticism, transparency, and responsibility from the start.

As AI agents continue to take action on our behalf, cybersecurity will be defined less by firewalls and more by how well we understand and govern the relationship between humans and machines.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. You can also share your perspective by submitting an article, video, podcast, or infographic.

The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of e27.

The post The new cybersecurity battlefield: Protecting trust in the age of AI agents appeared first on e27.

Many SMEs in Southeast Asia only realise their finance setup is no longer working when growth accelerates. Processes that once felt manageable begin to strain as transaction volumes increase, additional stakeholders enter, and reporting requirements tighten. 

In reality, clearer workflows and stronger process visibility enable problems to be identified much earlier, before delays, errors, and cash-flow blind spots become structural.

The issue is not poor execution. More often, finance systems in SMEs are designed for stability rather than growth.

SMEs power Southeast Asia, but finance is still treated as an afterthought

Small and medium enterprises dominate Southeast Asia’s business landscape. Across the region, SMEs account for roughly 97 per cent of businesses and contribute over 40 per cent of GDP.

Despite their scale, many SMEs still rely on manual, disconnected processes for core finance tasks. Research by the Economic Research Institute for ASEAN and East Asia (ERIA) highlights persistent barriers to digital adoption in developing Asian markets. These include limited business knowledge, gaps in ICT skills, and a lack of localised support.

We see the same pattern in mature markets like Australia. Even with great tech available, an October 2025 OFX report found that 80 per cent of Australian SMEs still rely on manual processes to reconcile expenses. In fact, nearly 38 per cent of business owners report that simple manual data-entry errors are their biggest daily headache. 

It’s a classic case of ‘if it isn’t broken, don’t fix it’ until the manual workload finally becomes too heavy to manage.

Finance issues follow predictable patterns as businesses scale

As SMEs grow, financial complexity increases faster than many teams expect. Invoice volumes rise. Transactions multiply. More people touch the process. Customers and suppliers operate across borders. Regulatory and reporting requirements tighten.

When finance processes are not redesigned for higher volumes, familiar issues begin to surface:

• Invoices are sent late or tracked inconsistently
• Approvals are concentrated with one individual
• Reconciliation is rushed at month-end
• Cash flow visibility becomes limited

These challenges are not surprising. They are the natural outcome of processes that were never redesigned as volumes increased. 

Consulting and software surveys repeatedly point to the same outcome. Weak invoicing and reconciliation processes that depend on spreadsheets or email lead to delayed payments, write-offs, and significant time spent chasing basic financial information.

Also Read: Security, trust, and the future of finance in an AI-driven world

Automation is about reducing friction, not adding tools

Automation is often misunderstood as a large-scale system change or a heavy transformation, when in reality it is primarily about reducing operational risk and manual friction.

For most SMEs, progress starts much smaller.

OECD research on SME digitalisation shows that smaller firms adopt digital tools more slowly than larger organisations, even though the efficiency gains are often proportionally greater. The challenge is rarely technology alone. It is deciding where to start and what to simplify.

In practice, effective automation focuses on removing repetitive friction:

• Standardised invoice workflows
• Automated reminders instead of time-consuming follow-ups
• Approval steps that do not depend on one person
• Fewer instances of entering the same data multiple times

The priority is reliability first. Speed and sophistication follow naturally once the basics are stable.

A practical three-step reset for SME finance

For SMEs looking to improve finance operations, a phased approach is often the most effective.

• Step 1: Make the workflows visible

Document how invoicing, payments, expenses, and compliance actually work today. Simple process mapping often reveals duplication, unclear ownership, and hidden bottlenecks.

• Step 2: Fix the biggest point of friction

Focus on one or two problem areas, such as unpaid invoices, approval delays, or reconciliation backlogs. Small, targeted improvements here often deliver immediate operational and cash flow benefits.

• Step 3: Connect workflows over time

Gradually link invoicing, payments, reconciliation, and reporting so information flows with fewer handoffs. This is where finance shifts from record-keeping to decision support. Research by McKinsey has shown that connected finance workflows can significantly shorten close cycles, in some cases from weeks to days.

Also Read: Why perfect carbon audits could cripple climate finance — and what to fix instead

What consistently works across SMEs

Across SMEs in Singapore and the wider region, several patterns are consistent:

• Small, focused improvements outperform large system overhauls
• Early clean-up reduces operational and compliance risk
• Clear records make audits, fundraising, and reporting easier

When finance operations are stable and predictable, less time is spent fixing errors and more time is available for planning and execution.

The payoff of clear finance processes

Finance rarely becomes a problem overnight. It becomes one gradually, as systems fail to keep pace with growth.

Effective finance operations do not need to be complex. They need to provide dependable visibility. Knowing who owes the business money, what needs to be paid, and where cash stands makes day-to-day operations calmer and month-end faster.

As Southeast Asia’s SMEs continue to expand across borders and operate in increasingly regulated environments, financial maturity will become a competitive advantage rather than a compliance requirement. Clear, connected finance processes provide the operational foundation for sustainable growth and long-term competitiveness.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. You can also share your perspective by submitting an article, video, podcast, or infographic.

The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of e27.

Join us on Instagram, Facebook, X, and LinkedIn to stay connected.

The post The SME finance reset: 3 steps to fix what’s breaking your growth appeared first on e27.