It sounds like IT, not marketing! Data breach, identity protection, customer security – these are terms that never concerned marketers much. The breaches that retailers Target, Neiman Marcus, Zappos, and other brands like Evernote, Living Social, LinkedIn, and Adobe suffered have impacted the way consumers are interacting with brands. Security is now also a chief marketing officer’s (CMO) challenge – it is no longer only a worry for the chief information officer (CIO) or chief technology officer (CTO).
The challenge for marketers is not making sure the CTO has bought the latest firewalls and verified all third-party vendors; the real issue is that today it is not if your brand will be breached but only when it will be breached.
The Target breach that affected nearly 30 percent of all Americans has been keeping their CMO Jeffrey Jones up at night. Target’s data breach enabled the theft of millions of customers’ payment information had lowered fourth-quarter profit down 46 percent. The final cost will be significant but no one can quantify the exact damage to the brand. No amount of marketing or PR is going to change the anxiety that customers feel when they walk into the store and think about paying with their credit card for fear of paying with their identities being stolen. Cashiers can see and hear the anxiety but of course online marketers will never observe it.
Even before the Target breach and the NSA eavesdropping allegations, 66 percent of consumers expressed concern about identity theft, if the data they share with business is compromised. According to the Washington Post, Target has spent $61 million to cover costs associated with the breach, including the cost of providing credit monitoring services to its customers. Even the choice of credit monitoring may have an impact on the Target brand. Target chose to offer a service from the same company that sells customers’ data (Target happens to be one of their large customers as well) to also protect their customers’ data. Something about that just doesn’t seem right.
In fact, Consumer Reports severely criticized Target’s Experian offering by saying that the retailer’s free credit monitoring could give you a false sense of security and the offering just seems a way for Experian to upsell additional services. They have not been the only ones to criticize Experian’s credit monitoring service; the community at the University of Maryland was shocked at what they found was going on:
“The retailer said it couldn’t provide an estimate of how much the breach would ultimately cost because of an ongoing government investigation.
If the government’s probe finds Target at fault for not complying with industry-specific security standards, the company faces fines in the range of $400 million to $1.1 billion, according to an estimate by Jefferies, an equity research company. That figure did not include lost sales or customer goodwill, the firm said.”
To understand how much the retailer stands to lose, analysts point to the 2007 attack that hit TJX, of more than 45 million customers by exploiting an unsecured wireless network. TJX’s initial estimates put the damage at about $25 million, but once the dust settled, the company ended up paying more than $250 million.
Heading into SXSW, I know CMOs and senior marketing executives have customer security top of mind. In fact, I was chatting with my friend Pete Krainik, founder and chief executive (CEO) of The CMO Club, who shared:
“One of the hottest topics at recent CMO Club Dinners and on the minds of CMOs participating at The CMO Club House at SXSW, is the CMO’s role in both preventing data security and responding to data breaches. Their focus…[is] to minimize brand equity erosion and customer engagement. This is the new frontier of customer service’s impact on the brand.”
It’s a painful but serious topic, and one that every marketer should concern themselves with. If you collect data from customers, you are responsible for ensuring their protection and making sure they feel you are taking their identity protection seriously. As an advocate for the use of data, I’ll be at the CMO Club House and SXSW to talk about this serious issue and what marketers need to do to protect their brand.
Bo Holland, CEO of security firm AllClearID (who offers a solution), suggests, “Brands have the opportunity to stand out for proactively addressing it, and those who do not will very soon be far behind. Align your brand with the changing consumer mindset and be a leader in customer security.” If you want to learn more about what you as a marketer can do about customer security, check out this white paper.