A surprising number of otherwise smart CMOs are still clueless about cybersecurity. PHOTO: Lord Jim

Today’s chief marketing officers have ever-broadening responsibilities and roles, from staying on top of constantly shifting market needs to deftly driving messages and ecommerce transactions through digital platforms like mobile and social media, to shaping product development, customer service, channel management, what have you.

And yet most CMOs aren’t involved in an area that can make or break the results of all this work – cybersecurity.

CMOs Are Key Cybersecurity Stakeholders

Think about what an epic disconnect that is. CMOs seldom have a seat at the table in cybersecurity decision-making even though a major breach can have immediate, deep and long-lasting consequences for the brand that the CMO is responsible for.

It puts CMOs in the unfair and untenable position of being held accountable for revenue and other metrics but wielding no authority on an important topic that, if the worst happens, could derail them.

Thinking of the CMO as anything less than a key cybersecurity stakeholder also makes little sense when you consider that engaging customers digitally without compromising sensitive information is at the very heart of the CMO’s mission today.

As a Harvard Business Review article reported a couple of years ago, the CMO’s role is evolving — to that of a chief marketing technologist — as digital marketing budgets expand annually at double-digit rates and CEOs regard digital marketing as the most important technology investment their businesses can make.

The article described the job as “part creative director, part technology leader, and part teacher… aligning marketing technology with business goals, serving as a liaison to IT and evaluating and choosing technology providers.”

CMOs Drive Mobile App Strategy

In many companies, CMOs now drive the mobile app strategy as part of the digital brand strategy — often involved even at the development phase, setting requirements, monitoring progress, and ensuring ongoing updates.

How is it smart to leave cybersecurity out of all this?

It’s obviously not, as the high-profile breaches that have dealt a body blow to several famous brands in recent years demonstrate.

The Target Hack

In one of the most infamous incidents, cybercriminals hacked into Target’s network between Thanksgiving and Christmas 2013, gained access to 40 million credit cards and stole 70 million customer records.

The subsequent toll on Target’s brand and business operations was equally devastating, including the resignation of CEO Gregg Steinhafel, 475 layoffs and delays in filling another 700 positions, and a 40 percent quarterly profit decline. The retailer even decided to let its employees wear jeans and polo shirts to work in an effort to boost morale after the layoffs and sales decline.

Data breaches, along with poor customer service and environmental disasters, are the three mishaps that have the greatest impact on brand reputation, according to a 2014 study by credit reporting company Experian.

Data Breaches Ruin Brands

Fraud prevention company Semafone found in a 2015 survey that the vast majority of people would shun an organization that had been breached, especially if it had failed to protect its customers’ card data. Of 2,000 respondents, 86.55 percent said they were “not at all likely” or “not very likely” to do business with a company that had suffered a breach involving credit or debit card information.

An IBM-Forbes Insights report found that 46 percent of organizations surveyed suffered damage to their reputations and brand value as a result of a cybersecurity breach.

Time for CMOs to Get Security Smart

With CMOs getting more involved with development and deployment of mobile and Internet of Things apps, they need to be a lot more cognizant of the security issues.

Mobile and IoT are the greatest opportunities for companies to create differentiation as well as significantly enhance revenues. CMOs have to be extra careful that these opportunities don’t become a feasting ground for hackers and turn into a negative outcome for the company.

With stakes this high, CMOs clearly must own more of the cybersecurity conversation and decision-making in their organizations – especially for mobile and IoT apps, which are out in the wild and ripe for hacker attacks. Here are three steps that CMOs and their companies can take to start making it happen:

  • Establish a joint security board that regularly puts the CSO, CIO and the CMO at the same table for discussions of customer-facing security matters. The brand perspective, too often absent from these discussions at many companies now, will help lead to wiser decisions on security budgeting and priorities. Not to mention that the CMO simply deserves more skin in the game because he or she has so much skin in the game to begin with.
  • CMOs should work to become bigger cybersecurity experts. Too often, CMOs are clueless about security – it’s not in their training, and too often not in their experience. They should proactively seek out extracurricular training, whether that means taking courses or shadowing in-house security experts.
  • In too many cases, companies don’t react quickly enough to breaches and stumble in their public response. Because the CMO usually is responsible for communications, it’s his or her obligation to have a detailed plan in place, in order to inform media, analysts, customers, employees and other key stakeholders quickly, clearly and consistently. This kind of rapid response can go a long way to limiting damage to the brand’s reputation.

By taking a more active role in the cybersecurity conversation, CMOs can help shape their companies’ strategies in an area that couldn’t be more central to a brand’s long-term health.

The days of CMO ignorance about cybersecurity must end. Remember: What you don’t know can kill you.