Why CMOs Need to Apply More Diligence to Cybersecurity Resilience.

Media scrutiny, public awareness and customer concern about cyber threats, personal data compromises, identity theft and Internet fraud are on the rise across every sector of business, public and consumer life.

As a result, digital security has become an issue with significant implications for the relationship between brands and their customers, suppliers, partners and investors. 

Are CMOs stepping up to play their part in assuring brand trust, confidence and reputation in the connected economy with multiplying digital payment and customer engagement options?

Are they effectively teaming with C-level peers to proactively engage key stakeholders in brand safety, privacy protection, threat deterrence and security compliance?

New CMO Council research indicates this might not be the case.

There’s no question, multiplying challenges face today’s virtual enterprise seeking to secure and protect a distributed workforce, digitally dependent customers, at-risk supply chains, personally identifiable information (PII) and business continuity.

According to a new report based on a 2021 Global Digital Trust Insights Survey of over 3,200 business and technology executives by PwC, “new technologies and business models — and the fast pace of adoption — bring new risks. But, like the high-powered brakes on a racecar, cybersecurity makes high-speed digital change a lot safer.”

PwC notes that nearly all (96%) of survey respondents say they’ll adjust their cybersecurity strategy due to COVID-19. Half are more likely now to consider cybersecurity in every business decision — that’s up from 25% in PwC’s survey last year. Like CMOs, savvy chief information security officers (CISOs) need to be in step with the vision and goals of their enterprise as a whole, not just IT.

Most importantly, protocols and systems need to be in place to pre-empt, contain and recover from brand hijacking, customer data (PII) breaches, cybercriminal incursions, and internal security failures.

In a strategic brief on Why CMOs Should Care About Cyber Risk, Deloitte notes that “newer marketing strategies are likely opening the door to cyber risk, leaving organizations vulnerable to cyber breaches. Such attacks have the potential to compromise not only a brand’s reputation, negatively impacting loyalty and consumer trust, but also a brand’s ability to grow by acquiring new customers who may avoid a company that’s experienced a breach.”

Deloitte’s report states: “Many consumer products companies appear to be operating with a false sense of security regarding cyber risk. This is suggested by the fact that even though 76 percent of consumer products companies perceive themselves to be adequately prepared for a cyber breach, a full 87 percent do not have an incident response plan that has been documented and tested in the past 12 months.”

This is reinforced by a global outlook study by the CMO Council (Getting It Done in 2021), which found only seven percent of 200 marketing leaders surveyed were concerned about brand safety and protection despite greater investments in marketing automation. When asked about capabilities needed in the year ahead, just one percent of survey respondents believed they need to improve brand protection and cybersecurity resilience.

This lack of concern seems to contradict the latest security economic indicators:

·      Cybercrime is estimated to cost the world $10.5 trillion annually by 2025 (Cybersecurity Ventures)

·      There were over 10 confirmed data breaches a day in 2020 (Varonis reports 3,950 in 2020)

·      The global average cost of a data breach is $3.86 million (IBM)

·      An average of 4,800 websites a month are compromised with form-jacking code (Symantec)

·      A business will fall victim to a ransomware attack every 11 seconds in 2021 (Herjavec Group)

·      According to the FBI, phishing was the most common type of cybercrime in 2020—and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019, to 241,324 incidents in 2020. 

In our opinion, CMOs have an essential leadership role to fulfill in tandem with the CISO, CIO, CTO, COO and chief risk and compliance leaders. The CMO Council advocates this role includes:

·      Mapping, modeling and simulating potential cyber threats, security breaches, regulatory changes, product issues, geo-political incidents, supply chain disruptions, natural disasters, and/or operational interruptions

·      Monitoring and addressing the risk, exposure and brand protection requirements of new marketing and advertising technologies, digital/social media campaigns, omnichannel interactions, as well third-party data and content quality

·      Organization-wide policies and practices to handle and respond to eCommerce compromises, digital brand hijacking, phishing, trademark infringement, product piracy, intellectual property theft, copyright violations, etc.

·      Stepped up oversight of programmatic media buying, which has resulted in notable, image-sensitive brand ads appearing within or alongside hateful, derogatory and offensive rich media content, fake news, as well as non-contextual and inappropriate online channels. 

It’s important to note that customers are prioritizing data security and privacy: 87 percent of consumers said they will take their business elsewhere if they don’t trust that a company is handling their data responsibly, according to a PwC study.

Customer trust and data privacy go hand-in-hand, but too many marketers don’t understand what’s involved in this digital handshake — nor what’s at stake. A data breach can reduce a company’s bottom line to shreds and tarnish its brand reputation for years.