Research Highlights Growing Impact of Security on Corporate Brands and Business Performance

Sept. 25, 2006
CMO Council study measures increasing security concerns across customers, corporate executives, marketers and media

PALO ALTO, Calif. -- Marketing executives are failing to keep pace with the financial, customer and brand implications of information security in the digital age, according to the latest findings of a major research initiative by the Chief Marketing Officer (CMO) Council. With customer sensitivity, media scrutiny and public awareness about security escalating in every sector of the economy, companies must do more to develop contingency plans and brand strategies to address both the risks and opportunities associated with security, the study warns.

The research initiative, entitled Secure the Trust of Your Brand: How Security and IT Integrity Influence Corporate Brands, represents the most comprehensive study to date on how security is impacting business value and performance, customer confidence and retention, and brand reputation and integrity. In collaboration with Symantec and Factiva, a Dow Jones and Reuters company, the CMO Council study includes major surveys of corporate executives, marketers, and customers, including a survey of more than 2,000 consumers in North America and Europe conducted with Opinion Research Corporation, as well as in-depth discussions with 25 leading marketing executives on the study's advisory board. Other key elements of the research include extensive analysis conducted by Factiva of media coverage surrounding security breaches and issues and additional brand and business performance analytics conducted by the Zyman School of Brand Science at Emory University's Goizeuta Business School.

Secure the Trust of Your Brand demonstrates that information security issues, especially information breaches and lost customer data, are having a tangible impact on customer loyalty, company stock valuations and executive agendas. The study suggests that leading corporate marketers and brand managers should and will play a growing role in addressing security concerns in their companies. However, many companies have been slow to implement contingency plans, new corporate and product messaging, and other marketing and brand communications that address the security issues.

Among study findings:

o While both corporate marketers and business executives indicate emphatically that security concerns are rising for their companies and their customers, just 29 percent of marketers say that their company has a crisis containment plan in case of a security breach. Furthermore, although 60 percent of marketers believe that security and IT integrity provide an opportunity for brand differentiation, 60 percent also say that security has not become a more significant theme in their company's messaging and marketing communications.

o Consumers confirm they're both worried and agitated. Sixty-five percent say they have experienced some kind of computer security problem. Over half say they would either strongly consider or definitely take their business elsewhere if their personal information were compromised.

o Many business customers are also ready to sever relationships over breached data. Half of all corporate executives polled said they would either consider or would recommend taking their business elsewhere if a business partner suffered a security breach that compromised their corporate or customer data.

o Factiva reports that more than 17,000 distinct articles were written on security breaches and issues from January 2005 to July 2006. Media coverage of security breaches is having a significant brand impact on the companies involved. In several cases, security coverage of specific companies that suffered a breach accounted for more than half of all stories written about those businesses in 2005,

o Security breach events directly impact stock performance. Emory University researchers found that a company loses, on average, from 0.63% to 2.10% value in stock price when a breach is reported -- equivalent to a loss in market capitalization of $860 million to $1.65 billion per incident.

o The study identifies three critical actions in the preservation and promotion of brand trust:

I. Prevention -- Having the right technologies and security policies

in place to keep a security breach from occurring II. Crisis Containment -- In case of a security breach, a company must be prepared to address customers, business partners, shareholders and the press in an honest, upfront manner, and thus "softening the blow" to the brand.

III. Restitution -- A company must have a plan in place to help the victims of the breach (consumers, or in the case of B2B, partners or other companies) -- financial, or via services such as a free credit check, for example.

"An organization's most valuable assets are its reputation and its ability to sustain customer loyalty," said Alan Scott, chief marketing officer, Factiva. "Security breaches and negative publicity for an organization can put that trust in jeopardy. Those companies that can effectively manage their reputations have a better chance of attracting new customers and retaining existing ones."

Marketing in Security Sensitive World

Although the vast majority of marketers and other executives polled believe security is an important marketing and business concern, the report revealed that many marketers are slow to develop new brand and customer communications strategies for a security sensitive world. For example, 64 percent of marketing executives believe security and IT integrity significantly impact corporate and product bands, versus 19 percent who do not. Some 76 percent believe security breaches negatively impact the brands of companies whose securities have been compromised. However, in order for companies to differentiate their brands based on security and trust, those companies need to have a solid security foundation to prevent breaches and loss of customer data.

However, 60 percent of all marketers report that security has not become a more significant theme in their company's messaging and marketing communications. Only 29 percent say their company has a crisis containment plan for security break-ins and failures, while another 27 percent said they didn't know if such a plan exists. In contrast, some 49 percent of other corporate executives say they are aware of a crisis containment plan, indicating a possible disconnect between marketers and other business units.

Slightly more than half of all marketers surveyed said they believe their role and influence in addressing security policies will increase in the future.

"As our digital dependency grows, the connection between information security and brand trust becomes much stronger," said Donovan Neal-May, executive director of the CMO Council. "Our study shows that, while some companies are aggressively addressing this issue, too many are not and, therefore, run the risk of brand and business value erosion."

The complete report on the Secure the Trust consumer findings, as well as an Executive Summary featuring key findings of all of the Secure research, can be downloaded at The final comprehensive report, available later in September, can be pre-ordered on the site.