Value your brand? Then take IT security seriously
For most people, IT security is a bit like flossing: you know you should do it regularly, but somehow you never get round to it. We all know we should have a different password for every app, service or site – and that we should change them every few months – but how many of us actually do?
Now, I would like to think businesses take IT security much more seriously than the average consumer. But every month another company hits the headlines because of another IT security breach. This month alone there were two in one week.
Equifax making headlines
One recent high-profile breach came two weeks ago when Equifax, which dubs itself a “global information solutions company”, reported that social security numbers, dates of birth and addresses of around 143 million customers had been leaked following a hack. Not only did the company apparently leave its doors wide open for cybercriminals, it even inadvertently directed concerned users to a phishing site specifically set up to troll the organisation.
This is worrying, terrifying even. This is a company millions of people trust to securely track consumer data, one that surely knows breaches like this are becoming far more frequent. And one that proudly claims to “serve as a consumer advocate, steward of financial literacy, and champion of economic advancement.”
Equifax has unquestionably been damaged by this cybersecurity incident. Its consumers have been left in a state of flux. They’re questioning how they can trust the company to champion their economic advancement when it can’t even protect their identity. And to make matters even worse, the company’s CEO has stepped down – leaving someone else to rebuild the company’s reputation.
No brand is safe
You don’t have to look far to learn that 15 of the 20 companies on this year’s “World's Most Valuable Brands” list, published by Forbes, have been subject to an IT breach in the last five years. One of the world’s “big four” accountancy firms, Deloitte, was targeted only this week.
A growing number of these hacks are coming from within – the so-called “malicious insider”. It’s something even “the world’s most secretive company” isn’t immune to. Incredibly, with just days before its iPhone launch event, Apple faced an apparent “intentional act of sabotage” that revealed details of every product. For a brand like Apple, which wrote the book on the secrecy of a product reveal and centres its marketing strategy on suspense – not to mention priding itself on being “deeply committed” to customer security and privacy – this was a huge blow.
Brand Apple is built not just on great products, but on marketing hype, surprise product reveals and, of course, “one more thing…”. If you’re a (potential) Apple customer, your purchasing decision may have already been influenced before the launch because of the breach. Which, for Apple, represents a worrying lack of control. The leak might also make you wonder if there are other malicious insiders at the company, and why they became so disgruntled in the first place – and that might dent your trust in the brand. We recently created an infographic with consultancy firm TORI Global that explores the cause and effect of the malicious insider phenomenon:
See full infographic here.
While the impact of IT hacks is commonly reflected in the share prices of the business involved (in the wake of the Equifax beach its share value plunged 16%) I think another factor is much more important – the impact on the brand’s value.
Forbes defines brand value as: The ultimate currency craved by companies. A valuable brand spurs demand and creates pricing power.
The author and entrepreneur Seth Godin expands on this:
“A brand's value is merely the sum total of how much extra people will pay, or how often they choose, the expectations, memories, stories and relationships of one brand over the alternatives.”
Brand value is the strength of the relationship between a company and its (potential) customers. It’s mutual trust, shared values and a sense of identity. It’s the reason a customer chooses an iPhone over a Samsung Galaxy S and will spend big on a Mercedes over a Ford. And, it is why Kraft bought Cadbury for a whopping $19.5 billion – it wasn’t buying the factories or the chocolate – it bought the brand for its value.
Damage to a brand’s reputation should not be taken lightly; it can take a lot of time and cost a lot of money to try and rectify. After investing $500 million to restore its brand reputation, BP is still counting the cost of the Deepwater Horizon oil spill seven years on, with many still boycotting the brand. Although the disaster and ensuing PR nightmare wasn’t down to an IT security breach, it shows just how much it can cost to fix a damaged brand reputation. When it comes to IT, the two-way exchange of data and value between brand and customer needs to be foolproof. Your consumers need to feel safe trusting you. They are your most important investor after all.
As Creative Director, I spend a huge amount of time working with a host of different companies to improve their brand value. According to the Gartner CMO Spend Survey, on average companies spent 12% of their revenue to set themselves apart. But all this cash and hard work can be wasted in a matter of minutes because of an IT breach. And, given the increasing sophistication of today's cybercriminals, I think we can expect more incidences of cyber attacks specifically designed to impact brand value. “Brand hacking” if you will, but not in the positive sense.
When a business is hacked, it’s not just data that’s at risk – it’s the brand’s reputation and value. Companies must realise that if they truly value their brand and customers, they must pay more attention to reputational flossing.