Without a Strategic CISO, Even Brilliant Marketing won't Keep Customers

Patrick Peterson, CEO and Founder, Agari
190
283
50

If in recent years, the digital, da­ta-driven CMO has gotten many of the headlines around custom­er acquisition and retention, this year the tide is turning to the CISO and that position’s ascendance in the C-suite. As if the cybersecu­rity breaches last year weren’t enough to compel companies to invest more in their security practices (just think Sony and Home Depot, for starters), the recent breach at healthcare insurer Anthem is but the latest example of the increased brazenness and sophistica­tion of cybercriminals. As we saw with Anthem, the cyberthieves start with system breaches, purloining users’ personal information, then follow up with phishing attacks through email. This one-two punch is an increasingly common occurrence in cyber attacks.

Against this dangerous backdrop, the CISO is increasingly being called upon to secure not just a companies’ information technology infrastructure, but also—and arguably more impor­tantly—their customers. Data breach­es and break-ins have become a near constant drumbeat in the news and criminal activity could be infiltrat­ing CISOs’ organizations, threatening their seat at the C-level table and in the boardroom. There continues to be un­managed risk in 2015, of course, and that unmanaged risk is the email chan­nel—the main channel through which the CMO and marketing organizations interact with, develop relationships with, and establish trust with custom­ers. Without a rise of the truly strategic CISO who is tightly partnered with the CMO, companies risk losing custom­ers as the email channel remains inse­cure.

"CISOs must recognize that the time is now to put time, money and resources toward managing the risk from email to ensure their customers are protected"

Many may not know this, but the email channel is the most widely used vector of attack by cybercriminals. But it’s not only email: the increasing investments in online customer en­gagement, through mobile and other channels, result in increasing expo­sure to potentially catastrophic brand damage and revenue loss. CISOs must recognize that the time is now to put time, money and resources to­ward managing the risk from email to ensure their customers are protected. This way, they retain that critical cus­tomer trust, protecting the investments made by marketing and customer ser­vice. Beyond the threat posed by inse­cure email channels, ongoing digital innovation is driving the need for both wider and deeper security coverage. New interfaces are raising customer expectations for security and service. The rising popularity of Bitcoin and its integration into transactional system poses obvious security threats. The Internet of Things, with increasingly autonomous connected devices and sensors, abso­lutely requires a more ag­gressive push on security and safety. As we’ve all seen and experienced, the external threats are becoming ever more sophisticated, stealthy, and wide­spread.

In our digital, connected age with its parade of cyber attacks, custom­ers are increasingly caring first about security, asking, “Is my data safe with my bank? My in­surance company? The online retailers I frequent?” The CMO must work closely with the increasingly ele­vated CISO to ensure their marketing and security strategies are aligned. Both must look at all the customer touchpoints associated with custom­er acquisition and retention, and these are critical to building brand loyalty, lowering the cost of customer acquisition, and enabling sales to up­sell. And at each of these touchpoints is an inherent risk of breach and data theft; the CISO and CMO must work closely together to eliminate threats at each stage of the customer lifecycle.

"MO must work closely with the increasingly elevated CISO to ensure their marketing and security strategies are aligned"

To become truly strategic and inte­grated with the rest of the C-suite, CI­SOs must push themselves beyond be­ing custodians of security technology. They must learn and evolve to become leaders who consider business opera­tions, models and strategy when mak­ing decisions. Along with this, compa­nies themselves aren’t just deploying the latest security technology. They are rethinking their entire strategies to reflect the explosion of devices, data, needs of users, as well as the overall importance of security along every business juncture. Stra­tegic CISOs must also move beyond their historical focus on simply the technology of security and embrace an education into broader business strategy, fundamentals, oper­ating models, and even the financials of their organizations.

Much of this strategic evolution in the CISOs outlook must begin with an alignment with the CMO and under­standing the proliferating and inevita­ble adoption of digital processes and marketing strategies. It involves the understanding that at the base of a cus­tomer relationship is trust developed over time between companies and their customers. Obviously, your company is looking to grow, and in today’s world com­panies are basing their growth initiatives on digital transformation as marketing leads the charge with digital marketing investments. To dif­ferentiate themselves from the competition, companies are doing their best to ensure they delight custom­ers at every turn, focusing on a holis­tic customer experience strategy. As we’ve seen time and time again with the recent data breaches and phishing attacks, all it takes is one email where a customer clicks on a nefarious link to undo a company’s hard work and create possibly irreparable brand damage. If you lose brand trust, you lose the abil­ity to drive demand.

Without a secure, trusted digital foundation, customer acquisition and retention becomes all but impossible, and even the most clever and engag­ing marketing programs won’t matter if customers don’t trust companies with their information. It is truly the strate­gic CISO who must safeguard and enhance that customer trust.

Read Also

Hyperconnected, Safe and Secure?

Phil Agcaoili, SVP & CISO, Elavon

DDoS Best Practice - Can You Do It Alone?

Russel Ridgley, Head of Cloud Services, Pulsant

Simplicity-The Virtue Of Future Security Solutions

Barmak Meftah, President and CEO, AlienVault

Internet of Things Exposures & Enterprise Risk

Stephanie Snyder Tomlinson, U.S. Cyber Sales Leader