CMO’s Corner: Why Marketers Should Care About Security More Than Ever
August 2, 2017
Editor's Note: This guest post was contributed by Holly Rollo, Chief Marketing Officer-SVP, RSA Security.
Modern marketing is a data-driven marvel. We are obsessed with targeting, capturing, nurturing, analyzing, and predicting everything about our customers and their behavior — so much so, that marketers today devour new technology and undergo epic digital transformations on par with IT, engineering, finance, HR and sales. This is all in the quest for better data and more precise insights.
To win, modern marketers have evolved and become both data scientists and technology architects to achieve our objectives, fuel pipeline, prove value, propel our brands, and justify incremental budget ask, often in situations where we have little IT support.
Oftentimes we must do this on our own — building ‘shadow IT’ capabilities outside the walls our IT and security teams work hard to protect. But, this pattern of behavior will have serious implications, because the modern digital age is now fraught with unmonitored, nefarious human ingenuity and increasing levels of regulation around data protection and privacy.
As a customer, personal data—your interests, purchasing habits, search history—is our treasure. And with this comes the responsibility to safeguard that data from fraud, breaches or malicious intent the best we can, or we put our brand reputations and the confidence of our investors at risk. Now, the entire risk equation will change and, on May 25, 2018, four letters will shine a brighter light on our marketing digital transformation if we aren’t ready: GDPR.
The General Data Protection Regulation (GDPR) is a new law that establishes a single set of rules for every European Union Member State to protect personal data of an EU data subject (i.e., the personal data of every EU citizen). This doesn’t just apply to European companies, or companies that do business in the EU. It applies to ANY company around the world that collects, stores, or processes personal data of EU citizens.
While marketing is doing a better job of understanding the best practices around data security and regulatory requirements, this is a game changer because GDPR also introduces significant fines for non‐compliance, including revenue‐based fines of up to 4% of total annual worldwide revenue.
I believe we’re experiencing a fundamental shift in the way we, as marketing leaders and brand stewards, assess the risks associated with our role in housing and protecting our data collateral. But, this marks yet another change. Data safeguarding is no longer an IT problem or security problem, it is a very real business risk that marketing must pay attention to.
This is a daunting proposition since many of us may not even realize our infrastructures might be vulnerable, or worse, already compromised; and, this may be the first time you are hearing about GDPR, or where to start. Here are steps you can take as a marketing organization to start getting ready:
1. Document your data infrastructure and security controls.
What are your policies, procedures, risks and protocols? Do you track personal information of EU citizens? Are your encryption, endpoint detection and response strategies aligned with IT?
2. Understand your data collection protocols.
How are you collecting your data? Is it opt-in? Do you have a mechanism for consumers to track their data and delete it if requested?
3. Work with your CISO to align your infrastructure to a solid GDPR strategy.
Be proactive to ensure it fits inside the rest of your corporate data governance.
Transformational marketing leaders have been quick to embrace new innovations and challenges to propel their organizations forward. At the critical juncture we now sit in, crosshairs between our aspirations to deliver competitive advantage while putting our organizations at risk in very quantifiable ways will reshape the modern marketing practice — bringing us closer to IT than ever before.
I encourage you to further understand the scope of this challenge as a marketing community and spread the word. Our 2017 RSA CMO Cybersecurity Survey lays a foundation of key insights in this realm.