All press is good press, right? That’s probably not true if the press is about your latest cybersecurity breach. Keeping your brand image healthy is a joint effort between the CISO and the Chief Marketing Officer (CMO).
As a CMO, you have the role of making sure the companyโs brand is well represented in the market. This involves building a brand, managing marketing, and unless you’re big enough to have a separate Chief Communications Officer (CCO), you’re also supporting public affairs / public relations. Cybersecurity becomes a big issue for public relations when the brand might be involved in a breach. When this happens, then you, in your role in marketing and communications, become a critical part of the crisis management team.
This isnโt the relationship the CISO and CMO want to have. If the lens is focused solely on breach prevention and response, then the CISO and CMO would only have basic levels of interaction. Effective CISO leadership means you, as the CMO, are grateful you don’t have to do extra marketing to overcome damage to the companyโs reputation caused by a cybersecurity event. You can be focused on positive marketing: building the brand, new product and service campaigns, or reaching into new markets and customers.
From this perspective, “keep us out of the news” is the CMO’s guidance to the executive team in supporting the CISO’s mission. Avoiding a breach and its following problems allows marketing budgets to be well spent. Saving money on the CISOโs budget to then spend it on crisis management, press releases disclosing the breach, and campaigns to rebuild trust is not good stewardship of company resources. Press time should be spent on the good news and not explaining bad news.
It’s more than about bad press
A CMO-CISO alliance built on staying on the good side of the news is just the minimum. Untapping the real value comes from building the next level of the relationship. A more strategic view brings the CISO and CMO together to build something better. Security should be a strategic asset of the company. It can be a key part of the brand image promoted to the market. The type of business may change how you leverage this image.
Business to Consumer (B2C) companies should use good security as a competitive advantage to their customers. If youโre in the business of dealing with sensitive data (e.g., payment, healthcare, or similar), this is a critical part of your message. Consumer trust is being constantly eroded by weekly breaches. Being able to talk about and demonstrate good security will create customer confidence in your product. Consumers and prospects will share their information more willingly if security is part of your go-to-market message.
In marketing, any friction preventing the acquisition of leads and prospects, and then converting them to sales is a bad thing. A cybersecurity breach raises the friction significantly. A strong cybersecurity message can lower that same friction to acquiring those leads.
B2B Confidence Matters
During a cybersecurity incident, trust isnโt eroded only at the consumer level. There are just as many โsupply chainโ breaches making the news and impacting organizations large and small. Business to Business (B2B) companies also need to show their products or services are secure. Doing business with big business requires higher levels of security every year. By starting with โsecureโ in your marketing message, as a partner or vendor, you can go a long way in winning business in this competitive market.
This becomes even truer in Software as a Service (SaaS) providers, where critical business services are outsourced. It’s likewise critical for vendors that deeply integrate into existing environments (e.g., system control software). A breach at one of these businesses would not just cripple their customer, in some cases, they could end their customer. So, in these examples, security is not just woven into the marketing message, it gets dedicated airtime.
Some more โsecurity firstโ companies take this so far as to include their security rating and practices as part of their sales material. Security is part of the pitch because the sales and marketing team knows their solution wonโt win if their client’s CISO says โno.โ
If youโre at such a company, head off those concerns early, instead of having the deal killed by security after everyone else gets excited about it. These products even invite someone from security to the sales story to let them hear up front how the vendor approaches the shared risks.
The Wrap
As a CMO, if you’re marketing to security-conscious customers (and who isnโt anymore?), then you should be spending a lot of time with your CISO. Youโll need to understand all the great things your company has in place to make your product safe and then translate the cyber-tech-talk into the branded message your customer needs to hear. This helps reaffirm your company’s place in the security-conscious marketplace ahead of your competitors.
At a minimum, the CISO-CMO partnership is forged through the hard times of a breach. But a good partnership doesn’t wait for this. It’s built from the beginning and builds a stronger brand. By aligning a company’s security goals with its marketing and brand, it makes your company more competitive in today’s market.
And that’s some news to be excited about!