Why marketing needs to think about cyber security

Why marketing needs to think about cyber securityMarketing used to mean flyers, commercials, ad spots and billboards like Chuck Norris’ line of ‘action jeans’ that ‘won't bind your legs, ’ (presumably while you substitute traditional walking for a series of roundhouse kicks).

Chuck Norris Action Jeans

Now, a marketing department without an online strategy is practically unheard of. An industry once dominated by creatives is now built on a hybrid mix of one part artist, one part data scientist. Unlike Chuck Norris, marketing is evolving. Vast amounts of data are now handled by the marketing department. Collaboration within the organisation, outside agencies, partners, investors and tech providers means confidential data is often shared for the sake of strategy. Marketers must now, more than ever, consider how all this information is being shared and controlled over time.  

As marketing pervades the digital space, it must adapt to the growing cyber threats. Given the information marketers have on their customers, a comprehensive cyber security plan is essential. Not only does it garner trust, but the absence of it can be catastrophic, leaving your customers highly vulnerable to attack and your reputation in tatters. Marketers owe it to both their customers and their business to have a solid security strategy in place to prevent breaches and a contingency plan for the worst case scenario.

What a security breach means for your brand

‘The first casualties of any cyber-attack is brand reputation.’


Why is a blow to brand reputation considered so fatal? 'The brand of the company is the most valuable asset because it touches all things. It is behind growth and revenues. It is also the asset that when compromised … is least easily fixed’ says Tom Ordahl, CSO of Landor Associates. Despite the risk, many marketers still fail to see the importance of cyber security to their roles and industry. The industry seldom considers the need to protect itself from hacks, intrusions and threats. But playing it fast and loose with cyber security is putting your entire marketing efforts and the trustworthiness of your brand at risk.

‘Cyber attacks limit the opportunity for marketers to build brand affinity, customer loyalty and trust, and ultimately sell their services and products’, says Marketingmag. Organisations with marketing departments which are left in the dark with cyber security protocols and processes, will be ill-prepared for data breaches and unable to mitigate both the consequences and potential backlash. A prime example of this was the Red Cross data breach, one of the largest in Australian history. A 1.74 GB file containing the personal information of 1.3 million donors was left unsecured by a marketing agency contractor that developed and managed their website. The event left the organisation scrambling - pleading with donors not to abandon them.

Understanding the impact on the bottom line

In 2014, 43% of companies surveyed reported a data breach and the impact can be felt all the way through to the bottom line as customers are taking their business elsewhere. Businesses that experienced breaches have seen an increase in churn rate of 2.9%, according to a recent report done by IBM. Target is one prominent example of this. In 2013, 70 million customer credit card details were stolen by POS malware in the US. Target confirmed that the attack was a result of stolen credentials, likely taken from HVAC, their third party supplier for refrigeration systems. Target’s sales fell by 46% year-on-year in the fourth quarter of 2013 and the company saw a sharp decline of its Buzz score.

Target's declining buzzscoreBuzz score is a rating from -100 to 100 that measures public sentiment of a brand based on news, advertising and word of mouth

The lesson here is that organisations not only need to secure their own protocols but also consider the security protocols of third party suppliers. Marketing’s biggest threat to cyber security will always be complacency.  Believing that a breach will never occur or being completely unconcerned, turns the possibility of a cyber attack from an ‘if’ to a ‘when.

Understand the vulnerability of every touch point

The increasing likelihood of a security breach means that you should put protection and security at the epicenter of all your digital strategies. CMO’s must examine all touch points within customer acquisition and retention. Every marketing process, activity and personnel that deals with sensitive data must be scrutinised for vulnerabilities. This was a much simpler task when all data was stored and accessed in on-site local systems. Now, Jay Muelhoefer, CMO of Intralinks, encourages companies to ‘reconsider their perimeter.’ Cloud migration, the IoT and flexible working arrangements means data is now accessed from practically everywhere. The boundary protecting sensitive data has shifted.  

CMOs must coordinate with the Chief Information Security Officer (CISO) to ensure there are no weaknesses at any stage of the marketing process. While marketers may see each data collection event as just another step in their pipeline, the IT-savvy recognise each of these points as an inherent vulnerability. There must be an open line of communication between the two departments which allows for marketing to have conversations with IT about how to best execute digital strategies which will minimise the risk of cyber attack.

CMOs as security champions

As guardians of the brand, CMO’s should champion the creation and ongoing development of internal policy that ensures the latest security protocols are being implemented. Muelhoefer says that companies must ‘play an integral role in ensuring employees are educated on best security practice’ and that marketers need to ‘firmly control which team members view, edit and download certain information.’  

Invest in education and external expertise

Education is key to protecting your brand. Learn from the mistakes of other companies which have been victims of malicious cyber attacks and implement measures to ensure they don’t happen to your business. Hiring a security expert can also be invaluable in the fight against cybercrime. A security consultant will provide specialised knowledge, with the potential to save you money and brand reputation down the road. Educated staff and secure systems build the foundation for a strong position and a competitive advantage when the breach does occur.

In the event of an attack, maximum transparency is the best policy

If an attack manages to bypass all the protections you have implemented, the first action should be to inform your IT department. They are your defence here. While they are fighting the battle behind the scenes, marketers need to focus on damage minimisation at the frontline. Business2community says to ‘communicate quickly, directly and honestly with affected customers and other stakeholders.’ Marketers should communicate clearly what has happened, how customers can protect themselves, and how they’ll improve security in the future in as much detail as possible.

CMO’s are also responsible for ensuring that customers have an easy line of communication with the brand in crisis. Concerned customers or those in need for assistance need to be able to reach you without fuss.  The Red Cross set a good example here by providing both a dedicated hotline and website for all those affected, disclosing all they knew about the situation and keeping the public informed through live updates.

Target US on the other hand offered a case study in how not to manage a security incident. Krebs on Security released a report that Target had been breached, a full week before the official announcement went out. Once the breach was finally acknowledged, Target’s recovery measures were inadequate to handle the (inevitable) influx of customer concerns. Customer service lines were gridlocked, the website banner informing visitors of the breach was too small to see and their social media channels were struggling to keep up.

Applying your learnings

Preparedness at every stage, from acknowledgement to recovery, is the deciding factor in whether your brand will survive the fallout of a security breach. The most important thing to keep in mind once the dust settles is to learn. Learn from the mistakes your organisation made that led to the breach and use that knowledge to fortify your security for the future.

If you would like to know the actions your business should be taking to prevent cyber security breaches then take a look at the Cyber Security program for CeBIT Australia 2017 today!

CeBIT Australia Digital Marketing Report