Without a Strategic CISO, Even Brilliant Marketing won't Keep Customers

Patrick Peterson, CEO and Founder, Agari

967

1512

288

Join CIOReview Contributor Network

Patrick Peterson, CEO and Founder, Agari, Patrick is Agari’s Founder and CEO and a visionary pioneer in the email business. Pat joined IronPort Systems in 2000 and defined IronPort&rsquo... More >>

If in recent years, the digital, data-driven CMO has gotten many of the headlines around customer acquisition and retention, this year the tide is turning to the CISO and that position’s ascendance in the C-suite. As if the cybersecurity breaches last year weren’t enough to compel companies to invest more in their security practices (just think Sony and Home Depot, for starters), the recent breach at healthcare insurer Anthem is but the latest example of the increased brazenness and sophistication of cybercriminals. As we saw with Anthem, the cyberthieves start with system breaches, purloining users’ personal information, then follow up with phishing attacks through email. This one-two punch is an increasingly common occurrence in cyber attacks.

Against this dangerous backdrop, the CISO is increasingly being called upon to secure not just a companies’ information technology infrastructure, but also—and arguably more importantly—their customers. Data breaches and break-ins have become a near constant drumbeat in the news and criminal activity could be infiltrating CISOs’ organizations, threatening their seat at the C-level table and in the boardroom. There continues to be unmanaged risk in 2015, of course, and that unmanaged risk is the email channel—the main channel through which the CMO and marketing organizations interact with, develop relationships with, and establish trust with customers. Without a rise of the truly strategic CISO who is tightly partnered with the CMO, companies risk losing customers as the email channel remains insecure.

"CISOs must recognize that the time is now to put time, money and resources toward managing the risk from email to ensure their customers are protected"

Many may not know this, but the email channel is the most widely used vector of attack by cybercriminals. But it’s not only email: the increasing investments in online customer engagement, through mobile and other channels, result in increasing exposure to potentially catastrophic brand damage and revenue loss. CISOs must recognize that the time is now to put time, money and resources toward managing the risk from email to ensure their customers are protected. This way, they retain that critical customer trust, protecting the investments made by marketing and customer service. Beyond the threat posed by insecure email channels, ongoing digital innovation is driving the need for both wider and deeper security coverage. New interfaces are raising customer expectations for security and service. The rising popularity of Bitcoin and its integration into transactional system poses obvious security threats. The Internet of Things, with increasingly a u t o n o m o u s c o n n e c t e d devices and sensors, absolutely requires a more aggressive push on security and safety. As we’ve all seen and experienced, the external threats are becoming ever more sophisticated, stealthy, and widespread.

In our digital, connected age with its parade of cyber attacks, customers are increasingly caring first about security, asking, “Is my data safe with my bank? My insurance company? The online retailers I frequent?” The CMO must work closely with the increasingly elevated CISO to ensure their marketing and security strategies are aligned. Both must look at all the customer touchpoints associated with customer acquisition and retention, and these are critical to building brand loyalty, lowering the cost of customer acquisition, and enabling sales to upsell. And at each of these touchpoints is an inherent risk of breach and data theft; the CISO and CMO must work closely together to eliminate threats at each stage of the customer lifecycle.

"MO must work closely with the increasingly elevated CISO to ensure their marketing and security strategies are aligned"

To become truly strategic and integrated with the rest of the C-suite, CISOs must push themselves beyond being custodians of security technology. They must learn and evolve to become leaders who consider business operations, models and strategy when making decisions. Along with this, companies themselves aren’t just deploying the latest security technology. They are rethinking their entire strategies to reflect the explosion of devices, data, needs of users, as well as the overall importance of security along every business juncture. Strategic CISOs must also move beyond their historical focus on simply the technology of security and embrace an education into broader business strategy, fundamentals, operating models, and even the financials of their organizations.

Much of this strategic evolution in the CISOs outlook must begin with an alignment with the CMO and understanding the proliferating and inevitable adoption of digital processes and marketing strategies. It involves the understanding that at the base of a customer relationship is trust developed over time between companies and their customers. Obviously, your company is looking to grow, and in today’s world companies are basing their growth initiatives on digital transformation as marketing leads the charge with digital marketing investments. To differentiate themselves from the competition, companies are doing their best to ensure they delight customers at every turn, focusing on a holistic customer experience strategy. As we’ve seen time and time again with the recent data breaches and phishing attacks, all it takes is one email where a customer clicks on a nefarious link to undo a company’s hard work and create possibly irreparable brand damage. If you lose brand trust, you lose the ability to drive demand.

Without a secure, trusted digital foundation, customer acquisition and retention becomes all but impossible, and even the most clever and engaging marketing programs won’t matter if customers don’t trust companies with their information. It is truly the strategic CISO who must safeguard and enhance that customer trust.