The Top 3 Cyber Security Risks Every Chief Marketing Officer Should Care About

Risk Management / June 14, 2017 / by Dave Tyson

The Chief Marketing Officer (CMO in many organizations) is on the front lines of two of the largest battle fronts in business today: business brand and customer data. And success or failure on those fronts is increasingly determined by the security of the technology that supports them.

“CMOs across the enterprise must come together to work collaboratively and share ideas and best practices about the elephant in the room, cybersecurity in the age of the digital consumer.” Marie Hattar,

As the CMO begins to take a larger share of the overall IT spend in many organizations today, their knowledge of the risks and what to do about them becomes business critical and indicative of program success.

The business world is littered with impacted brands and lost jobs from companies being hacked and company and customer information being stolen.

In this article, we’re going to take a look at three of the top risks facing CMOs today.

Protecting Brand, IP, and First Mover Advantage

Whether you’re in consumer goods, manufacturing, e-commerce or any other viable business, competitive advantage is needed to win the market, grow market share, re-trench or generally beat your competitors.

One key foundational marketing capability is the ability to get to market with new products and services ahead of the competition and create that first mover advantage (FMA).

A component of optimal FMA is delivered by keeping advantageous information confidential throughout the process of Ideation, Development, Commercialization, and Launch.

There are many places where IP can leak or be stolen along this journey – the effects of which can impact brand equity and future revenue. While intentional leaks can be a good marketing tool, when you truly have a game changing opportunity, secrecy is almost always desirable.

There are some fundamental security programs that CMO’s need to ensure are in place and working effectively to deliver these outcomes.

Vendor security is one of the most critical programs for maximizing security. Many organizations have good internal controls, but key suppliers are often left unchecked.

Ensuring controls are in place at your trusted vendors, who have access to non-public IP, is one link in the secrecy chain.

These vendors can include:

  • Advertising agencies
  • Packaging houses
  • Designers
  • Law firms
  • Accountants
  • M&A advisors
  • Etc.

There are numerous accounts in the media today of hackers attacking the lower security supply chain of companies (to get the information they want), because it is just easier and more cost effective than attacking the target firm itself.

The Digital World and Security

The pace of change in digital technologies creates a simply staggering set of security issues to consider:

  • Social media and mobile device advertising
  • Virtual, Augmented, and Immersive reality
  • Virtual Currency
  • 3D printing
  • Robots
  • Machine Artificial Intelligence
  • Etc. etc. etc.

Each one of these creates wondrous business opportunities and new business risks.

Combine those factors with the inherent vulnerabilities of most of the existing technology in company’s data centers today – IT talent scarcity, and sheer IT team work overload – and you have the potential for unforeseen and hard to predict brand, and in some cases, human safety impacting events.

Online Advertising

Advertising spend on social media sites like Facebook, Snapchat, and Twitter continues to grow and the resulting data intelligence is touted as the business-critical tool for the future.

Targeted ads seeking to make valuable marketing impressions are growing at a fantastic rate: PwC predicted that once the 2016 numbers are counted, online advertising will outpace television advertising for the first time.

The question that should be answered is who is really looking at the ads: targeted customers or bots (robot machines)? Bot-based fraud (Viewability) in digital advertising is predicted to reach $6.5 billion USD in 2017 according to the Association of National Advertisers (ANA) 3rd annual “Bot Baseline Report.”

Viewability fraud has been a major concern for years and many organizations claim to have services to validate legitimate human impressions versus fraud, but a verifiable anti-fraud program is complicated and is literally worth its cost in profit and customers.

Digital Asset Management

As more and more company assets become digital, it’s important for CMO’s to ensure their brand’s digital asset security systems exist, are effective and well governed.

Many advertising firms or websites will provide these services for you – but the reality is that their security is often minimal unless you clearly specify what your expectations are.

Radio, TV, online audio, print, mobile, social, and many more formats need to be considered.

A litany of questions should be answered to ensure suitable security, but the basics always apply here: who has access to what assets, what can they do with the assets, and how do you know these access controls will be maintained appropriately?

The digitization of business will greatly expand what CMOs will want to use and manage. Good security will ensure it’s always there and available to them when they need it.

Mis-alignment between IT and Marketing Operational Priorities

If you are relying on IT uptime of your technology and you have outsourced it to the cloud, CMOs need to ensure their vendors are delivering at the speed and availability that will meet their business need.

Technology is not perfect….there I said it.

Now that we have established that, we can add to the list of risks:

  • Random technology failures
  • Malware
  • Hackers
  • Disgruntled employees

Witness the recent outage of the Amazon Web Services cloud that left many businesses and their applications stranded for a number of hours, and you start to understand there are risks in outsourcing, just like insourcing.

CMOs should be sure they understand who exactly on their team – or on the CIO's team – is accountable for ensuring these risks are understood and choice-full decisions are made to minimize risks and impacts.

Cloud services are not all the same, and the majority of specialized cloud services are less mature than the established AWS, Microsoft, and Google competitors, but a good security risk assessment will provide you with valuable information to make the choice.

The real trick is to ruthlessly align predictable IT outages or slowdown windows with the least impactful business activity periods. This sounds like common sense but unfortunately many IT organizations measure uptime via SLAs (service level agreements) and look at the overall performance, not the performance when a new brand was going live, a new promotion was kicking off, or new marketing material was being tested.

Ensuring security and IT practices are aligned to maximize business productivity is just one way to optimize business advantage.

Ready to Learn More About Your Risks & What You Can Do About Them?

Contact CISO Insights today to schedule a complimentary consultation to learn how you can understand your real risk position and whether your security posture inside and outside your company’s walls will protect you in the face of serious cyber security threats.


Scroll to Top