The CMO’s Role in Cybersecurity – Taking an Active Approach

In an age of 350K new malware programs discovered daily, putting cybersecurity first seems like a no-brainer. But whose job in the organization is cybersecurity? 

Cybersecurity is everyone’s responsibility. Yes, your SOC team is on the hook for policy creation, training, and compliance. But if you want your cybersecurity initiatives to resonate with your customers, it is also an imperative for my fellow CMOs. 

If you’re a CMO who is not paying attention to cybersecurity, now is the time to start. One nefarious adversary can do tremendous damage to your hard-earned reputation.

Taking an interest and proactive approach to cybersecurity will help you protect and maintain brand customer trust and confidence. Additionally, you can ensure your organization is prepared in advance. That way, in the event of a breach, you’ll already have a solid foundation and plan for customer retention. If you’re unsure where to start, here are some pointers that can help.

Understand Your Risk Appetite (Plan for the Best and Prepare for the Worst)

An organization’s reputation takes years to build and can crumble in the face of a single front-page breach. Data breaches are costly on a number of levels, but those actual levels depend on your industry and customers. While a breach costs an average of $4.24 million, they can do incalculable damage to your organization’s reputation—or not. It all comes down to risk appetite. 

Some industries, such as healthcare, financial, and pharma, come with strict regulatory standards and high expectations due to the sensitive nature of customer, internal, and proprietary data. Organizational reputation hinges on cybersecurity, and a single breach can make or break the organization. Others manage sensitive data (credit card information, PII, etc.) that can have a financial impact on customers if their identity is stolen. However, other industries come with a higher risk appetite, particularly where personal/private data is less pervasive.

The CMO shoulders the responsibility of understanding the risk appetite of their organization’s industry, customers, employees, and stakeholders. You don’t have to become a cybersecurity expert—but you do need to understand enough to create communication strategies around your security posture, implementation, and response plans. If, and when, your organization experiences a breach, a prepared CMO—who has ready-made statements that meet the expectations and allay the fears of customers and other stakeholders—can mitigate reputational damage and lay the groundwork for customer retention through and beyond the breach. 

Showcase Your Cybersecurity to Attract Customers

There’s a prevailing cliché that’s going around: Every company is a tech company. And yes, it’s true—but what does that mean to the CMO? While you might not be overly concerned about the ins and outs of endpoints, networks, and clouds, you are concerned with attracting and maintaining customers. And customers care about how you’re using their data, where it’s stored, and why you need it. 

If we change the phrase to say, “every company is a data company,” this starts sounding a little more critical from the CMO’s point of view. Today’s customers don’t just want to know that their data is protected—they need to know—and that reassurance is often a deciding factor in brand choice.  As organizations move toward data-driven business models, and customers are asked for more and more information, a. A cybersecurity-focused CMO can attract customers by ensuring data protection from a messaging point of view. 

Develop a Dialogue with Your Security Team

Now that we’ve addressed the why behind a CMO’s role in cybersecurity, let’s discuss the how. The first step is establishing a dialogue with your security team. The good news is that you don’t have to become an expert in cybersecurity. However, you will need to learn enough to create effective communications. When organizing meetings between Marketing and Information Security, keep the following tactics in mind:

• Read up on cybersecurity basics: As the CMO, you are accustomed to distilling complex messages into digestible content. A cybersecurity focused CMO will need to know some basic terminology to create effective messaging. Reading cybersecurity blogs, books, or online analyst reports can help you build the vernacular while introducing you to some of the more pressing threats that your security team faces daily.
• Elevate the conversation: Ask your CISO or Director of Security Operations to provide scenario-based descriptions of your organization’s security strategy and tactics. Messaging that revolves around outcomes take the “tech” out of the talk. You can then provide valuable insights into your company’s ability to handle breaches that build customer trust.
• Focus on the wins: You’re probably not going to want to divulge to the public the tools and platforms used by your security teams. So instead, talk about the exposures, vulnerabilities, and threats that failed to penetrate your defenses (bonus points if they hit one of your competitors). Showcase your organization as champions for data security and give clear examples of how you walk the talk.
• Understand the regulations: If your organization must meet certain regulatory standards, such as HIPAA, PCI, or GDPR, be sure you understand what those standards mean for your stakeholders and customers. Keep in mind that not all your systems may fall under regulatory compliance mandates. If a breach happens, be sure you can clearly articulate how your regulated systems and data were/were not implicated.
• Be a security champion: Make sure you are current and compliant with internal cybersecurity training. Also, ensure that your team understands their role in keeping the organization secure. Lean on your security team to create internal messaging that is clear, concise, and accurate (without being unnecessarily technical).

Take Your Seat at the Table

CMOs are experts in managing and maintaining brand reputation, and cybersecurity is another tool in that belt. By communicating your organization’s commitment to cybersecurity with customers and internal stakeholders, you can show that you understand the seriousness of data protection. If the worst happens, and your company suffers a front-page incident, a CMO who takes an active role in cybersecurity will be better prepared to communicate effectively and maintain brand reputation through and beyond the breach. 

Is your company moving to the cloud? Are you wondering what that means to your brand? Read The Five Nastiest Security Mistakes Exposing Public Cloud Infrastructure to see what threatens your customer data in the cloud.