News headlines about data breaches have increased customer awareness and concern around data privacy and security. Today, customers - both in business-to-business or business-to-customer situations - make their purchasing decisions based on cybersecurity.
Now, particularly, as customers do more business online, thanks to the COVID-19 pandemic, organizations are under more pressure than ever to keep customer information private and secure.
How can you keep customers loyal and maintain their trust? Reputational risk monitoring and management is critical to knowing the risks to your business’s brand and reputation.
How important is data privacy and security to business reputation?
Reputation risk and management increasingly relies on both protecting information and being transparent about how you manage data. As Generation X, Millennials, and Generation Z grow into their purchasing power, their connectedness to companies and technology use drives greater cybersecurity awareness.
In April 2020, Salesforce released the fourth edition of the State of The Connected Customer which surveyed more than 12,000 global consumers and more than 3,600 business buyers. The data presented gives valuable insight into the way buyers incorporate a company’s data protection when making purchasing decisions.
- 27% of customers do not understand how their personal information is being used
- 61% of customers feel they’ve lost control over how their personal data is being used.
- 63% of customers believe companies aren’t transparent about how their personal data is being used
To stay both relevant and financially secure, you need to not only secure data, but you need to be transparent about how you manage security and privacy.
What is the impact of a data breach on reputation?
While the data supporting customer beliefs is easy to find, the data supporting a data breach’s impact is a bit more nebulous. After all, most of the information is speculative. For example, statistics such as customer churn, often considered a primary metric for determining customer satisfaction, is rarely tied directly to a single event.
Chief Marketing Officer data
The lack of focused data requires a bit of extrapolation and analysis. For example, in 2017, Centrify reported on The Impact of Data Breaches on Reputation and Share Value citing the following:
- 71% of Chief Marketing Officers (CMOs) believe the loss of brand value is the biggest cost of a security incident
- 42% of CMOs believe that their c-suite doesn’t take brand protection seriously
- 66% of IT professionals don’t believe they are responsible for brand protection
Problematically, while IT is responsible for managing security, they feel that marketing is responsible for managing brand reputation. This disconnect places a burden on marketing departments struggling to gain insight into how to monitor and manage reputational risk.
Share prices over time
For publicly traded enterprises, the reputation impact can lead to stock price declines. In 2021, Comparitech analyzed the stock price impact for 34 companies that experienced a data breach. Their key findings noted:
- Share prices of breached companies hit a low point 110 days after a breach
- - 8.6% underperformance on NASDAQ after one year
- - 11.3% underperformance on NASDAQ after 2 years
- - 15.6% underperformance on NASDAQ after 3 years
Although the share prices grew on average for the companies over time, they continued to underperform across the board. In other words, a glance at the companies individually fails to show the true impact. To understand the long term ramifications, you need to make comparisons across the stock index.
What all of this means to monitoring and managing reputational risk
IT and marketing need to communicate effectively to manage the reputational risk associated with cybersecurity events. The two departments, while interdependent, are often siloed. Marketing and IT need to find a common language for discussing and managing cybersecurity positioning, but they often lack the tools necessary to do this.
How security ratings enable reputational risk monitoring and managing
The moral of the above stories: communication - both internally and externally - is the best way to protect your organization’s brand reputation. Security ratings offer an easy, streamlined way to provide that information and keep your company protected and customer friendly.
Easy to read
Security ratings provide easy to understand visibility into an organization’s security posture. They use understandable numeric or alphabetic scales, similar to credit ratings or school grades. You don’t need to be a cybersecurity professional to understand how well your organization is managing its IT controls’ effectiveness. A quick glance at the platform provides any user instant insight into the most important information.
Easy to share
Since security ratings platforms use publicly available data, you can easily share your security posture with customers without compromising sensitive internal security information. Moreover, because the information is easy to understand, your customers will be able to use the information meaningfully. Sales and marketing professionals can respond meaningfully to customer questions and create the transparency necessary for retaining loyalty.
Compare to industry peers
Reputation is based on both what your company does and how customers perceive you when compared to industry peers. Security ratings platforms, because they collect publicly available information, provide competitive research that enables marketing departments to leverage data security and privacy as part of their campaigns.
Security ratings platforms continuously monitor your company’s external controls, providing real-time insight into how well you’re managing them. This visibility means that IT departments can mitigate potential risks and prevent data breaches, but it also means that marketing professionals can create proactive messaging and get ahead of customer questions to increase loyalty.
How SecurityScorecard enables reputational risk monitoring and management
SecurityScorecard’s easy-to-read A-F rating scale makes cross-functional communication easier. Since we continuously monitor for risks and send actionable alerts, IT departments can respond in real-time to new risks. Meanwhile, CMOs can use visibility to enhance their marketing initiatives for building customer trust.
One of SecurityScorecard’s core beliefs is that trust begins with transparency, which is why we created our Trust Portal. We understand the importance of gaining customer trust and support our customers’ missions to do the same.
SecurityScorecard’s ratings provide visibility into ten different groups of risk factors, including IP reputation, endpoint security, network security, web application security, DNS health, patching cadence, hacker chatter, leaked credentials, and social engineering.
IT departments can delve into the individual risk factors to prioritize their activities. Meanwhile, marketing departments can focus on the holistic score that gives them the ability to discuss their commitment to security and privacy meaningfully. Even if you’re not sharing your score, you can still be confident in the truthfulness of your messaging.