It’s not a matter of if, it’s a matter of when. This is the philosophy of Norman Guadagno, head of marketing for Carbonite. This year we’ve seen that there is no such thing as invulnerability- Panera Bread, Under Armour’s MyFitnessPal, and Facebook all experienced data breaches. Even the United States Department of Homeland Security. Not a reassuring thought.
Protection against hacking is not just an issue for IT anymore. Guadagno advises that marketing leaders be engaged in the highest-level discussions to avoid a dangerous knowledge gap. In the event of a breach, the marketing team becomes the driver of public information. Not equipping the marketing department with the information needed to respond is like having a squad of firefighters on call but not giving them uniforms.
To be involved, marketers must be aware of the hacking possibilities that can occur; does the company keep credit card information on their servers? Are they storing customer emails from subscription signups? Ultimately, would this information be valuable to someone else?
Marketers must also know how to communicate to consumers and the press. When Target was hacked in 2013, their internal software detected the breach, but internal staff dismissed it because they thought it was a false positive. When they determined it was indeed a breach, they located and terminated the malware, but did not communicate it right away to consumers. They released a statement a week later, but by then news had already gotten out and Target lost control of the narrative. Their public relations campaign after the fact was too little too late: Target had 140 lawsuits against them by the end of the year, a 46% decline in profits, a tarnished reputation and had scored negatively in all surveys of customer perceptions for the first time in the brand’s history.
Often in marketing, brand managers are worried about brand integrity; are their digital marketing campaigns protecting their image, or are their ads which tout a wholesome product showing up next to offensive content online? However, what marketers need to consider is that the biggest threat to brand integrity can actually be the company itself.
Guadnago says “a hack isn’t just about the technical consequences of a breach, but about issues regarding consumer privacy and brand trust.” According to a study by KPMG, 19% of consumers would stop shopping at a retailer entirely after they experienced a breach, and 33% would take a break from shopping at the store. Handling a breach is not just about technical skill, but about understanding consumer concerns and how they affect brand trust.
Guadnago advises marketers not to give a “we have your back” message unless it’s actually true. Companies that handle breaches well are transparent, forthcoming, and not defensive. After all, it doesn’t matter how “good” of systems the executives think they had in place despite the hack, because the hack happened. If companies haven’t experienced a breach before, Guadnago advises they create response plans. Unlike hurricane season, hackers are active all year round.
From a marketing management perspective, here are some questions to think about:
- Cybersecurity insurance can only be used to cover risks that cannot be reasonably addressed by a cybersecurity program. What are some ways a company might reduce the impact of a data breach?
- As a marketing manager, how would you communicate a breach after it happened? What points would you want to make, and to whom?
- Do you believe someone must be fired in the wake of a breach? Why or why not?