Data Breaches and Brand Management: How to Preserve Your Brand Value

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.clickz.com/clickz/column/2399488/data-breaches-and-brand-management-how-to-preserve-your-brand-value

I spent the last few weeks waiting for a letter that I hoped would never
come. I was waiting for a letter from Anthem Health Insurance telling me
that my personal information was compromised in their recent data security
breach. I signed up for the Anthem health plan through my employer, but
just like the other 80 million plan participants estimated to be affected
by the recent hack, I never signed up for this.

Every day, consumers are becoming more aware of the threat of cybercrime
and its potential effects on their lives. Unfortunately, brands consumers
trust are often unwitting accomplices. Target. Home Depot. Zappos. Sony.
Anthem. Regardless of industry or size, no brand is immune to hacking. Even
companies expected to be highly vigilant in guarding against cybercrime
such as JP Morgan Chase have been compromised.

"We've spent over 12 years building our reputation, brand, and trust with
our customers. It's painful to see us take so many steps back due to a
single incident." Those aren't the words of Anthem's chief executive (CEO),
but instead Zappos' CEO Tony Hsieh, following the 2012 data security breach
that compromised 24 million customers' names, addresses and passwords.
Aside from the costs of damage control after a breach has been discovered,
the stigma attached to the loss of customers' personal information can have
a negative impact on their willingness to choose a brand in the future.
This calls for a new type of brand management. As more brands depend on
customers maintaining online accounts — full of personally identifying
information — to generate revenue and remain competitive, brands need to
ensure their value propositions around online safety are more than window
dressing.

Consider three numbers: 40. 61. 46 percent. Out of context, they're
meaningless. Put into context, they show the importance of protecting the
people who keep brands in business — especially in the ultra-competitive
retail industry. Forty million is the amount of credit card numbers
compromised in the Target Thanksgiving hack of 2013. The company spent $61
million in two months to cover damages from the breach. The biggest impact
was the ripple effect on corporate profits for the holiday season, as
Target suffered a 46 percent loss in profit from same-quarter sales
year-over-year. The most mind-boggling aspect of the whole incident was
that Target had spent more than $1 million to implement preventative cyber
security and measures six months before it even happened.

Another cautionary tale is Sony Corp. The highly publicized breach at Sony
Pictures earlier this year revealed once again that the billion-dollar,
multi-national entertainment brand was lax in protecting its digital assets
— similar to the incident that occurred with its PlayStation division in
2011. The issues with protecting customer data and their own employees'
information raise serious concerns about entrusting sensitive personal
information to any network that Sony operates. As Sony plans to launch its
Vue premium cable-over-the-Internet service in 2015, the company's poor
track record of protecting customers' personal information could impact its
ability to attract new subscribers. With so many banking, retail, and
entertainment options for consumers to choose from, and practically zero
switching cost, security and privacy become more than just table stakes.
They can provide a competitive advantage for brands.

Craig Spiezle, executive director and founder of the Online Trust Alliance,
emphasizes brands' new role in protecting customers' personal information:
"Privacy and security are important brand differentiators and companies
need to move from a mindset of meeting compliance requirements to becoming
a steward of consumer data." Nuala O'Connor, current president and CEO of
the Center for Democracy and Technology and previous global privacy leader
at General Electric, acknowledges that privacy and security have to be a
cross-functional priority for companies, enhancing the marketing strategy
with input from privacy and security experts: "Privacy professionals need
to be engaged with teams across the organization, not just IT, legal, and
compliance departments. They should participate in early stage product
design processes, meet with the engineers and customer services
representatives and take part in marketing and sales efforts."

No one wants to receive the dreaded "We regret to inform you..." letter or
email from a trusted brand notifying them that their personal information
has been compromised. The resulting potential for lost revenue and customer
loyalty is even more worrisome to brands that allow customers' sensitive
personal information to be exposed. With so much at stake, it's important
for brands to ensure that claims of safety and privacy aren't just
marketing fluff and that it is actually part of an overarching brand
management strategy, but backed by solid systems and policies designed to
protect customer data. Because most customers don't send letters or emails
to notify companies about steps they're taking to resolve a situation after
their personal data is exposed. Most customers just disappear as suddenly
and silently as their data did.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!