The role of the CMO in cybersecurity – Business leadership

CMOs have an important role to play in mitigating risk and responding to cybersecurity.  

Most organisations view cybersecurity through a technical lens. Cyberattacks can lead to loss of data, corruption of information, unauthorised access to important plans and records or a loss of access to key systems. But for CMOs, the effects of an attack on reputation, trust and customer confidence is the key focus. 

Reputation is bought by building trust with customers, suppliers and the broader marketplace. And it can be lost in the blink of an eye when a security incident is poorly managed. 
 

Most people are inherently trusting. We believe in referrals from friends and accept a handshake as a bond of trust. But that trust is what cybercriminals exploit in many of their attacks. They steal trusted user accounts and passwords. They infiltrate the email accounts of trusted people. They fake the identities of trusted parties to dupe people into sending money to criminals.
 

When an organisation is breached and sensitive data is exposed, corrupted or destroyed, it can damage that brand and organisation's reputation. In 2020, the average cost of a data breach globally was $3.86 million, with almost half of that resulting from reputational damage and system downtime.  

When your systems are offline, your customers, suppliers and other stakeholders can’t reach you. That’s when they leave you for competitors and lose faith in your service. 
 

Australian responses from a global study in 2019 found 43 per cent of customers would hesitate to do business with a company that experienced a cyber incident. The same percentage also said they would never return to a company that suffered a cyberattack.
 

This is why marketers need to understand cybersecurity in 2021 and beyond is a critical issue for protecting and maintaining their brand and organisation’s reputation. Reputational damage is much harder to repair than lost or corrupted data, or a system outage.
 

Weighing up your risk appetite
 

CMOs, boards and senior leaders must consider the consequences of reputational damage as a result of a cybersecurity incident. Every brand will have a different risk appetite. That needs to be deeply understood, thoroughly debated and agreed with plans put in place to mitigate the reputational impact of a cyberattack.  

There has been, understandably, a strong focus on the technical response to cybersecurity incidents. But the impact of major data loss, interruption of access to systems or the cost of ransomware can have a significant impact on reputation and customer confidence in transacting with you.
 

CMOs also need to contribute to the organisation’s public approach in the event of a cyber incident to manage the brand perception. How you communicate with customers, and respond publicly in the event of an incident, is imperative in retaining customer trust and loyalty. There should be enterprise-wide exercises that test out the brand’s preparedness to respond to a cyber incident. 
 

Prompt management
 

Accountability and stakeholder engagement are often missed during the stress and chaos of a cyber incident. CMOs, along with the CEO and the board, should ensure they receive reputational risk reports as part of their cybersecurity and chief risk officer updates. No matter who brings this topic to table, protection and consideration for customer trust during a security incident is a critical role for the CMO and CEO.
 

Most organisations that are transparent, honest and forthcoming with information during a cyber incident bounce back and retain the trust of their customers and the respect of their peers and regulators. 
 

Take the Australian Red Cross Blood Service, which was breached in 2017 when a file containing information relating to approximately 550,000 prospective blood donors was publicly exposed through human error by a third-party supplier. The organisation notified affected individuals and the Office of the Australian Information Commissioner promptly.
 

The Commissioner praised the blood bank in a public statement, stating: “Australians can be assured by how the Red Cross Blood Service responded to this event. They have been honest with the public, upfront with my office, and have taken full responsibility at every step of this process”.
 

In contrast, when Canva suffered a cyber incident in 2019, its original communication was labelled as ‘marketing fluff’, because the online graphics giant sent customers an email that led with new t-shirt printing capabilities before mentioning the ‘data breach’, almost as an afterthought. Marketing departments that understate the seriousness of a cyber incident can do further damage to their brand. 
 

CMOs are experts in recognising when a company is facing a potential impact to their brand reputation and finding ways to communicate clearly with customers, suppliers, staff, regulators and other stakeholders to ensure challenging situations are not made worse through poor preparation and communication. CMOs and marketing directors must be prepared to be at the frontline of an organisation's response to a cyber incident. 

Tags: cybersecurity strategy, CMO role, marketing leadership

Comments are closed.