Why security is the key to CMO survival in the C-suite

Sam Bocetta is a freelance journalist specialising in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.

A decade ago, the job of a CMO was easy. Or at least easier, in that the role had tightly defined limits. 

Today, things have changed. One of the largest driving forces behind the development of CMO strategy has been the emergence of several cross-cutting concerns that affect the work of all of the C-suite. One of the most important has been security.

This means that cybersecurity is no longer just a 'technical' risk. Instead, it is a business risk that affects almost everything a company does. As a CMO, you need to integrate security into everything you do in order to stay competitive.

Why hackers target marketing teams

There are a few reasons why marketing teams are a major target for hackers. The first is simply that marketing teams have more exposure to public networks than the other teams in an organization: cybersecurity pros refer to this as the 'surface area' of a team.

The second is that marketing teams are trained to build trust with customers. Because establishing trust is also a major component of common types of cyberattack (most notably phishing and social engineering attacks) marketers are prone to giving clever hackers access to their systems.

The third reason is – I'm sorry to say – that the level of cybersecurity knowledge in marketing teams is simply much lower than that of the other teams in a typical company. 

Because of all three of these characteristics, hackers often see marketing teams as a 'soft target' for cybercrime. And sadly, they are often right.

Improving cybersecurity as a CMO

As a CMO, there are a few key principles to building a strong cybersecurity infrastructure in your team.

Giving specific advice as to the technical measures you can put in place is difficult, because marketing teams vary so much across companies. However, it is important to identify a few key areas in which you should prioritize security. 

You should recognize, first and foremost, that as a CMO, you are likely to have possession of vast amounts of sensitive customer data. This means that your team should be well versed in responsible data retention. It is also likely – particularly if you are running large outreach campaigns – that many of your staff often work off-site. 

As a result, you should make sure that your remote working procedures are fit for purpose by using security software specific to each computing device you use to connect to your company’s network. In many cases, enterprise virtual private networks do not play well with operating systems like OS X or Android. Make sure to use VPN services designed specifically for Mac and Android devices. In addition, don’t overlook domain security, since websites are still (by far) the largest source of vulnerability for marketing teams.

At the broadest level, CMOs must also attempt to create a culture of cybersecurity in their teams. Doing this requires that you put in place rigorous training programs for all your staff, no matter what level of the organization they work at. Even a junior intern should be able to spot a malicious email attachment: if they cannot, they can undermine even the most technically advanced security systems.

Tracking progress

At the C-suite level, measuring the success of these initiatives is also critical. It can also be quite difficult, since – by definition – if your security systems are working well, you will not be the target of a large number of cyberattacks.

In order to track progress, therefore, you can 'borrow' the techniques that have long been used in cybersecurity, such as pen testing and simulated attacks. Hiring a third-party pen tester to try and break into your system is a very effective way of testing your vulnerability to intrusion, and identifying where work needs to be done.

During such testing, there are two key principles to keep in mind. The first is not to blame marketing staff for allowing a 'fake' attacker to access your systems: rather than seeing this as a disciplinary issue, you should read it as indicative of the need for further training.

The second principle is to use testing as an opportunity to collect data on the security of your systems. If vulnerabilities are identified, it is likely that you will need to argue for extra resources for cybersecurity within your team. Cold, hard data is the best way to make this argument.

The bottom line

Though taking security seriously is just part of staying competitive in the C-suite, implementing strong security practices will also have an effect on the efficiency of your team. 

If a major data breach occurs, whether from your team or elsewhere, it will be the marketing team’s responsibility to manage the public backlash, and to reassure customers that their data is safe. This process can consume vast amounts of resources that would otherwise be used in marketing campaigns.

For that reason, strong cybersecurity is not just an additional responsibility for CMOs. It is, in the end, an existential issue for businesses of all kinds and sizes.

Interested in hearing leading global brands discuss subjects like this in person?

Find out more about Digital Marketing World Forum (#DMWF) Europe, London, North America, and Singapore.  

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *