What percentage of funds are kept in cold storage?
Do you intend to provide 2-factor authentication?
Keeping a % of funds in cold storage is not the only solution. Of course it's a good security measure: when something drastic happens it will minimize the damage, and only the funds in the wallet are lost. In one recent event, an exchange followed the cold storage method and still had to shut down the exchange. Of course your funds are important to us, and we have designed/developed the system with that in mind, and it is hosted on secure servers.
We do not intend to provide 2-factor authentication currently; all communication happens over a secure socket layer. You always have 4 attempts to log in; if you fail, you have to reset the password over your email, which is simple and still effective.
So do you keep funds in cold storage? Cold storage helps against theft.
Not against regulation that can get an exchange shut down.
Also, 2-factor authentication is an absolute requirement, as it keeps your money safe even if your laptop is stolen or spyware gets installed on your computer.
The Bitfloor and BTC-e hacks have shown us that these are the bare security requirements for a bitcoin exchange: cold storage and 2-factor authentication.
You can't take a lean startup approach to a venture where money is involved as a product. You can't fix bugs as they occur. You have to provide more security than your usual social media or blogging based startup. If you don't intend to provide these security measures yet, you should re-think and change your intention.