CFO World

Why cyber security should be in the CMO remit

Check Point CMO admits the idea may be controversial, but it protects brands from potentially damaging security breaches

CMOs need to be responsible for cyber security within organisations, according to a leading marketer.

CMO of Check Point, Peter Alexander, admitted while the idea may be controversial to some, it makes sense the CMO take responsibility for security, as security breaches can massively impact brand.

Alexander said given the rapid and ongoing evolution of B2C communications, marketing departments are often the first to bring new technologies or software products into a company. While the effective use of this technology can greatly improve customer experience (CX), it often leaves an overlooked opening in a company’s security structure that can be exploited by cyber criminals, doing immense damage to the company’s reputation and bottom line.

Alexander told CMO most companies are still passing the security responsibility to IT, but it should lie with the CMO.

“Increasingly, we see the conversation where companies want to know where the CISO (chief information security officer) reports. Most often, it is to the CIO, CFO or even the CEO, but not often to CMOs,” he explained.

“Ultimately, the security responsibility should be with the CMO. It is controversial, because it almost never happens that way, but the CMO is managing the customer data, the technology, the relationships and the brand. Rebuilding customer goodwill after a breach is also in the CMO remit.

“Security can massively impact brand. Everything a company does contributes to its brand, but it doesn’t take much to create a massive brand problem when it comes to security, as recent breaches have shown. This then has a massive impact on marketing.

“When it comes to cyber security, the CMO can speak to the point of view of protecting the brand and the need for the highest level of security to ensure this. Sometimes it feels like some security investments made by the executive level are seen as insurance policies. But they’re not, they are defences. It’s like deciding whether to put windows and door on a home - it’s vital.”

Trust, once broken, is difficult to restore, he said, so the best course of action is to ensure it is not broken in the first place. This can include not only ensuring a business and its martech vendors offer the best security around data available, it is also as simple as communicating data policies well to customers.

“Marketing teams can be poor stewards of customer data and customer communication, which creates the image that data is not being handled well. So the CMO should take an interest in how the data is being handled by the martech systems – you’ve got to know it’s being protected. Often data is the core of the IP for the company, it’s a key asset, but we tend not to treat it that way.

“Marketing can blow trust if not handling it correctly.”

Given the CMO’s expanded remit to include customer data, it is only logical, Alexander said, to give them a seat at the cyber security table.

Tips for CMOs looking to take responsibility for security within organisations

“First, force yourself into the security conversations going on - get a seat at that table. Make sure the executives know marketing needs to be involved and heard about this issue,” he said.

Second, get your own house in order within infrastructure, systems and processes, to make sure you can demonstrate high levels of security. Use the IT organisation to assess vendors, and make it clear to vendors that security is paramount.

“Next, make sure you communicate to customers your interactions with them are valuable to you, and you are treating their data with respect and protection. It can be a fine line, you don’t want to overplay it, but there is a decrease in trust by consumers around the safety of their data. Communication around this can be a key differentiator,” he told CMO.

“From a customer data point of view, be minimalistic in allowing data to be passed around the organisation. We all have to be super careful since GDPR, but this has to be generally best practise now. Don’t be forwarding excel files with customer data around; ensure prudent practises from a security perspective. No business can afford to be cavalier about it.

“Finally, be an advocate for strong security across the company. Get educated on security and become an advocate, because marketing is a good place for it to come from. Are the hard drives on all your computers encrypted? Do your mobile phones carry security software? This can be daunting, but there are lots of courses available on cyber security and it’s a great aspect to have in your knowledge base as a CMO,” he said.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, join us on Facebook: https://www.facebook.com/CMOAustralia, or check us out on Google+:google.com/+CmoAu