Historically, IT security has been a business cost center. However, with the scope and scale of recent data breaches, including the TJ Maxx fiasco, consumers are becoming very weary of doing business with organizations that dont adequately protect personal and financial information.

Moreover, recent survey data supports the business case that security can be a competitive differentiator. A CMO Council survey of professional marketers showed that:

  • Seventy-six percent believe that security breaches negatively impact an organization
  • And 60 percent believe that security can be a competitive advantage.

Of the consumer group surveyed:

  • 90 percent are concerned about security and believe that it is "very important or somewhat important for organizations to have clear, visible and understandable descriptions of their security practices."

The take-away from the survey is that there are two areas for marketing the "brand trust" of your organization: your organization's promotion of its security competencies, and, heaven forbid, your organization's response to a data breach.

Once comfortable that your organization has taken strong measures to protect its member data, go ahead and communicate it to your member base. Start your marketing strategy by communicating you're privacy policy - outline how you handle, and potentially share, member data. It is best to use ordinary language that is concise and easy to understand. Follow up with a section on your website that explains how your products and services have been secured. Mention proactive protection measures against fraud, as well as after-the-fact protection from losses related to fraud.

Of course, be careful not to disclose technical details of security measures that could help would-be attackers. Finally, provide tips and best practices for your members so they can take charge of their own security as it relates to physical security (e.g., mailed statements), online banking, and identity theft (e.g., monitoring of accounts and credit reports).

Before launching your security marketing campaign, be sure to get your legal department to approve the material. Undoubtedly, lawyers will want all-encompassing terms and clauses that completely remove your organization from liability. Don't let them go too far. There must be a careful balance between making your customers feel comfortable that your organization is protecting their privacy, and ensuring that you don't expose your organization to liability.

The second component of "brand trust" is your organization's response to a potential data breach. Unfortunately, the statistics show that it may happen, so plan for the worse case scenario. Because the response plan is member facing, it will also involve your organization's marketing department. Important characteristics of a response plan include:

Speed of response;

  • Clarity and details of the disclosure/breach;
  • Commitment to addressing the problem and root cause;
  • Undoing of any real or potential damage to members.

It may be tempting to downplay the breach and minimize any public exposure. In some cases this may work. However, there is a good chance that it will backfire and spiral out of control. It is best to bite the bullet and prove to your member base that your organization is ready with an action plan, your organization cares about member privacy, and your organization will fix any issues so that it doesn't happen again.

Security as a strong marketing differentiator won't happen over night and it won't be cheap (although the alternative to poor security is even costlier). A useful analogy is to look back in time at the automotive industry when seatbelts, and then airbags, were first mandated. Many of the auto manufacturers claimed the new safety measures would add too much cost, thereby making their products less attractive to consumers. Today, there are at least two successful auto companies that have built their brands almost exclusively around safety (hint: they both start with a capital "V").

- Jay Barbour is vice president of marketing and product management, Intrusion Inc.