Posted on Mar 10, 2020
News headlines about data breaches have increased customer awareness and concern around data privacy and security. Today, customers - both in business-to-business or business-to-customer situations - make their purchasing decisions based on cybersecurity. Additionally, more regulations force companies to prove that they appropriately protect data. Reputational risk monitoring and management are more important than ever to continued financial security for organizations.
Reputation risk and management increasingly relies on both protecting information and being transparent about how you manage data. As Generation X, Millennials, and Generation Z grow into their purchasing power, their connectedness to companies and technology use drives greater cybersecurity awareness.
In April 2019, Salesforce released the third edition of the State of The Connected Customer which surveyed over 8,000 global consumer and business buyers. The data presented gives valuable insight into the way buyers incorporate a company’s data protection when making purchasing decisions.
To stay both relevant and financially secure, you need to not only secure data, but you need to be transparent about how you manage security and privacy.
While the data supporting customer beliefs is easy to find, the data supporting a data breach’s impact is a bit more nebulous. After all, most of the information is speculative. For example, statistics such as customer churn, often considered a primary metric for determining customer satisfaction, is rarely tied directly to a single event.
The lack of focused data requires a bit of extrapolation and analysis. For example, in 2017, Centrify reported on The Impact of Data Breaches on Reputation and Share Value citing the following:
Problematically, while IT is responsible for managing security, they feel that marketing is responsible for managing brand reputation. This disconnect places a burden on marketing departments struggling to gain insight into how to monitor and manage reputational risk.
For publicly traded enterprises, the reputation impact can lead to stock price declines. In 2019, Comparitech analyzed the stock price impact for 28 companies that experienced a data breach. Their key findings noted:
Although the share prices grew on average for the companies over time, they continued to underperform across the board. In other words, a glance at the companies individually fails to show the true impact. To understand the long term ramifications, you need to make comparisons across the stock index.
IT and marketing need to communicate effectively to manage the reputational risk associated with cybersecurity events. The two departments, while interdependent, are often siloed. Marketing and IT need to find a common language for discussing and managing cybersecurity positioning, but they often lack the tools necessary to do this.
The moral of the above stories: communication - both internally and externally - is the best way to protect your organization’s brand reputation. Security ratings offer an easy, streamlined way to provide that information and keep your company protected and customer friendly.
Security ratings provide easy to understand visibility into an organization’s security posture. They use understandable numeric or alphabetic scales, similar to credit ratings or school grades. You don’t need to be a cybersecurity professional to understand how well your organization is managing its IT controls’ effectiveness. A quick glance at the platform provides any user instant insight into the most important information.
Since security ratings platforms use publicly available data, you can easily share your security posture with customers without compromising sensitive internal security information. Moreover, because the information is easy to understand, your customers will be able to use the information meaningfully. Sales and marketing professionals can respond meaningfully to customer questions and create the transparency necessary for retaining loyalty.
Reputation is based on both what your company does and how customers perceive you when compared to industry peers. Security ratings platforms, because they collect publicly available information, provide competitive research that enables marketing departments to leverage data security and privacy as part of their campaigns.
Security ratings platforms continuously monitor your company’s external controls, providing real-time insight into how well you’re managing them. This visibility means that IT departments can mitigate potential risks and prevent data breaches, but it also means that marketing professionals can create proactive messaging and get ahead of customer questions to increase loyalty.
SecurityScorecard’s easy-to-read A-F rating scale makes cross-functional communication easier. Since we continuously monitor for risks and send actionable alerts, IT departments can respond in real-time to new risks. Meanwhile, CMOs can use visibility to enhance their marketing initiatives for building customer trust.
One of SecurityScorecard’s core beliefs is that trust begins with transparency, which is why we created our Trust Portal. We understand the importance of gaining customer trust and support our customers’ missions to do the same.
SecurityScorecard’s ratings provide visibility into ten different groups of risk factors, including IP reputation, endpoint security, network security, web application security, DNS health, patching cadence, hacker chatter, leaked credentials, and social engineering.
IT departments can delve into the individual risk factors to prioritize their activities. Meanwhile, marketing departments can focus on the holistic score that gives them the ability to discuss their commitment to security and privacy meaningfully. Even if you’re not sharing your score, you can still be confident in the truthfulness of your messaging.
Vendor management is the process an organization utilizes to assess and manage a third- or fourth-party vendor. Learn how SecurityScorecard can help.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.