Marketing officers and IT professionals don’t always see eye to eye on lots of issues. According to a new survey, one of them is the impact of a data breach on their company’s brand.
The survey of U.S. officials, released Monday, showed 71 per cent of 334 senior level marketing and corporate communications professionals questioned agreed the biggest cost of a security incident is the loss of corporate reputation and brand value. In contrast, less than half of the 448 IT practitioners (49 per cent) agreed with the statement.
In fact when asked several different ways more marketing officers saw brand value as more important than the IT pros, although sometimes it was very close and the small sample size could have made it a split.
For example, 69 per cent of marketing officers and 63 per cent of IT pros agreed their organization’s brand can be significantly diminished because of a data breach caused by business partners and other third parties
However, 67 per cent of CMOs and 50 per cent of IT pros agreed “material cybersecurity incident or data breach would diminish the brand value of our company.”
By comparison 66 per cent of IT pros agreed that “protecting my organization’s brand value is not the responsibility of IT security.” By comparison 39 per cent of marketing officers agreed.
On the other hand IT practitioners are more likely to believe a strategic security infrastructure is a competitive advantage (42 per cent of IT practitioners vs. 35 per cent of marketing officers).
The study was done by the Ponemon Institute for Centrify Corp., a provider of identity and access management solutions.
In other ways the two groups held similar views. For example, 63 per cent of marketers and 59 per cent of IT pros agreed poor customer service would have a negative impact on their organization’s reputation. 50 per cent of marketing officers and 44 per cent of IT pros agreed an environmental incident would have a negative impact, and 45 per cent of marketers and 48 per cent of IT pros agreed a data breach would as well.
But overall the survey authors conlcuded CMOs are more concerned than IT practitionners about the preservation of their companies’ brand and reputation.
IT pros probably believe their primary role is protecting their organizations’ sensitive and confidential information, the authors speculate.
On the other hand, they do agree on one other thing: 45 per cent of IT practitioners and 42 per cent of marketers don’t believe that brand protection is taken seriously in the C-Suite.
Forty-three per cent of IT practitioner respondents and 31 per cent of marketing officers said their organization had a data breach involving the loss or theft of more than 1,000 records containing sensitive or confidential customer or business information in the past two years.
The reason why brand reputation is important is the risk that consumers will drop a company that suffers a data breach. This was reflected in the survey, which also interviewed 549 shoppers.
Sixty-five per cent of consumer respondents who had been victims of a data breach said these incidents caused them to lose trust in the organization; 31 percent say they actually took steps to terminate their relationship with the breached organization.
The study also tried to show a relationship between stock prices of 113 companies around the world victimized by a breach and their so-called security posture (a score rating a number of security features or practices. For example, a firm with a high score has a fully dedicated CISO, “adequate budget,” a training and awareness program, regular audits, policies for managing third party risk and participation in a threat sharing program.)
The report is a warning that “security isn’t just about protecting data, it’s about protecting the business,” Centrify CEO Tom Kemp said in a statement. “It is no longer just an IT problem — it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the whole organization.”