While the damage from a data breach can be large—extremely large, in some cases—in financial terms, experts suggest that the worst damage, in the end, is to the company’s reputation. Chief marketing officers are now on their guard over data, and not just to protect their files, but their future sales.
“Keeping our customers safe in the digital age is a top priority for us,” said Rene Bonvanie, executive VP and CMO of Palo Alto Networks. “Today, a proactive and integrated approach to security is a part of marketing. We work with our Information Security and Privacy teams on a regular basis.”
Consumers increasingly hold companies responsible for data breaches, and the damage a breach does to a brand’s reputation can be lasting. Additionally, lost trust can have a long-term effect on sales, as well as the future operations of the marketing departments.
“Marketers need to think about data security in ways we never had to before,” said Maria Pousa, chief marketing officer of Integral Ad Science, a global measurement and analytics company. “CMOs definitely have to think of how to protect their brand and how they’re going to protect their consumers.”
A recent Ponemon Institute report found that the cost in customer churn after a breach is nearly twice that of the spending companies undergo to fix a breach and prevent future ones. Ponemon estimates that, of the $225 cost per compromised record, $146 relates to “indirect costs,” including churn, while $79 comes from direct actions, such as investments in technologies or legal fees.
Lost business following a breach—such as turnover of customers, reputation damage and lost goodwill—now makes up 41% of the average cost of a data breach, $4.03 million on average, according to The Ponemon Institute’s estimate. Turnover alone makes up 41% of that cost, with customer-acquisition costs making up a smaller portion.
And the brand damage from breaches is only increasing as more consumers become aware of their data vulnerabilities. Ponemon’s study found that, while the average size of a data breach in records lost was down 1.9% in 2017, customer churn went up 5% among the 572 companies benchmarked. These are numbers that alarm marketing executives.
A trust issue
“There’s definitely a trust issue in society,” said Integral Ad Science’s Pousa. Consumers’ trust in marketers is now at a low ebb, she said, citing the results of the 2017 Edelman Trust Barometer, which showed that confidence in all four key institutions—government, business, non-governmental organizations, and media—has dropped sharply around the world.
The Ponemon study found that companies with less than 1% customer churn after a breach had an average cost of $5.3 million for the hack, while those that had more than 4% churn suffered an average total cost of $10.1 million per. Not surprisingly, industries that depend on more sensitive personal information are more vulnerable, such as finance, life sciences, health, technology, and service organizations. According to the Ponemon study, those groups experience a relatively high customer churn ratef after a breach, while the public sector and entertainment industry have a lower churn.
“It is about trust, because [consumers think] if especially regulated companies like banks can’t protect your information, they are probably not doing a very good job in the other aspects of the relationship,” said Institute founder Larry Ponemon.
“The biggest problem is the destruction of your reputation and your brand,” said John Kindervag, field CTO, Palo Alto Networks. “Those are the things that get destroyed, and those are the things that people tend to underestimate, because they’re not tangibly quantifiable in many ways. Make no mistake, though, reputation and brand erosion are what executives regret the most over time.”
In fact, customer churn could be underestimated by surveys, said Ponemon. Clients might not stop doing business with a company that has been breached, but they could downshift a primary vendor to secondary status, resulting in lost sales.
“The lifetime value of a customer could be a great loss to the organization,” he said.
Paying the price
And even if no data is breached and consumers don’t bolt, brands can pay a price for cybersecurity worries. As consumers lose confidence, they won’t provide marketers with information nor answer surveys, said Ponemon.
Today’s marketers depend on consumer data for everything from targeting ads online to making media buys for advertising campaigns. As consumers act to shield their privacy online and protect their data themselves with the use of anonymizers, VPNs, and ad blockers, it compromises the quality of data available. Everything from geolocation to user authentication becomes suspect.
“When you start losing confidence in an organization, all the parts that rely on data become questioned by the individual,” Ponemon said. “Organizations going through digital transformation lose.”
Most marketing executives agree that drawing too fine a line under data security can raise too many concerns and backfire—but they recognize that consumer awareness is rising, and they need to raise the comfort level for their clientele.
“I can’t think of anybody who is not managing, maintaining, [and] collecting data that is of some value,” said Kevin Elliott, US Risk Crisis Communication practice director at HK Strategies. “Even if you’re just selling widgets and you’re keeping track of order history, it’s data and it’s useful and it has some value. That’s why bad guys try to steal it.”
Marketers need to create experiences that make it worthwhile for consumers to part with their personal information, said Rob Rupczynski, global VP of media & CRM at McDonald’s Corp. Speaking to an industry group, he said McDonald’s has launched products—such as a tie-in with Uber Eats and mobile ordering—that offer diners convenience in exchange for sharing their information.
“Marketers need to build relationships worthy of consumers’ data,” he said. “If they see value, they will give up their information.”
Owning the data
Whether it’s through blockchain or a data wallet, consumers are going to own their data eventually, said Rupczynski. Companies that figure out that value exchange will succeed in the future, he said.
“The world has changed for marketers,” he said. “If you’re not giving them something for that data, you’re in trouble.” And you better keep it safe.
We live in very customer-centric world said, Palo Alto Networks’ Kindervag; all companies should have a plan ready to communicate with customers transparently in case of a security breach, “because if you don’t have customers, what is going to be the point of having a business?”
Trust can also build through proactive communications, said Palo Alto Networks’ Bonvanie: “CMOs should drive the development and implementation of a process with the C-suite on how to communicate to customers before a crisis occurs.”
Internally, marketing chiefs are taking a more proactive role in establishing data security, as well, said Bonvanie: “Marketing organizations engage security practices on many fronts, from GDPR to vetting new vendors on data processes before contracting them.”
Pousa said her company has seeing a closer the relationship between the CMO and CIO—two C-suite officers who didn’t talk much to each other before.
“Now they’re having conversations about how you integrate systems, how you make sure the technology fits within the ecosystem; how can you port the data, how does it fit in with data security,” she said. “It’s a completely different world.”