Your CMO has traditionally been the guardian of your brand, nurturing and developing brand value by maintaining clarity, relevance and quality of your engagement with your target market and customers. In these terms, little has changed in recent times apart from the new challenges of adapting to a digital, socially connected economy to engage through relevancy, with immediate feedback loops.
So how is the CISO now relevant?
Until relatively recently, the cost of an enterprise security breach was manageable in the sense that typically it was a commercial risk, relatively contained and traceable with a physical trail, and the value of what was accessed was usually only of value to unscrupulous competitors or activists pursuing a cause. Regulatory fines were painful but affordable. The public’s awareness and concern of such breaches was relatively low and containable with good crisis media management. The issue was not an important factor in consumer brand choice.
Is your brand worth less than a major security breach?
In a democratised digital economy, the value of specific data has increased exponentially. Consumer financial account information, that allows fraudsters to attempt to skim accounts for amounts large and small in the blink of an eye, has spiraled as it is traded around the globe, often generating more money in broker trades than in the direct fraud itself. The constant mutation of attempted fraud techniques means the problem for corporates is unpredictable and many are not yet analysing the risk sufficiently to react appropriately with the correct level of investment in strategic protection. It could be argued that this is the problem that is exacerbating the issue more than the ingenuity of fraudsters.
How much risk are you prepared to take?
The value now at risk is no longer tangible, it has switched to intangible assets and most importantly brand.
64% of consumers worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen. 49% percent of respondents said they would take or would consider taking legal action against any of the parties involved in exposing their personal information.*
Therein lies the true risk. Consumers move in tribes, even though their carelessness is often partially to blame (54% are using the same password for all or some of their online accounts), they will not forgive you for your negligence with their data. So, the real risk is unquantifiable and potentially fatal to your enterprise.
What should we do?
Driving collaboration between CISO’s and CMOs may be a smart corporate initiative for many companies to identify and communicate the risk and devise mitigation strategies.
Any major enterprise, managing large amounts of 3rd party data that does not have enterprise security on its strategic priority action list for 2017 may already be a dead man walking.
*according to a recent global survey by Gemalto, titled Broken Trust: 'Tis the Season to Be Wary, which surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States.