This series will explore the three stages that marketers and IT professionals will work through to assess potential threats and vulnerabilities and, in the end, establish a solid risk management protocol. Each post will focus on one of the following stages:
Part I: Understanding the damage that potential threats can do to your data
Part II: Creating the best risk assessment model for your company
Part III: Turning risk assessment into risk management
In any industry, risk is a cost of doing business. Playing it safe keeps things… well, safe, but the return will also be modest. High reward means lots of risk, and that can be scary in the digital world where risk just seems to be multiplying, especially for companies who generate customer data.
We’re never going to eliminate risk, but mitigating the damage is becoming an even greater responsibility for marketers who live and breathe each day in the ever-growing mountain of customer data. Over the next 5 years, data security will continue to be one of the top concerns for brands and customers alike.
Yet as shown in an RIS News and Gartner study, overall fewer retailers are devoting budget to IT and infrastructure in 2018 (69%) than they did in 2017 (88%). Some chalk this up to IT budgets being proportionate to bottom-line revenue, and that many retailers had a tough year in 2017. But is cutting your IT budget a safe or risky move?
You’ve got to invest in your infrastructure to keep pace with the evolving market, and part of that investment directly addresses risk, all the ones you already know exist and all the ones that have yet to rear their heads. In this regard, not investing in IT technology is actually another risk that you have to account for, and it’s critical to brands who generate first-party data. How are you going to protect your most valuable asset from all the threats lurking out there?
The Damage Threats Cause
At its most basic level, risk comprises threats and how likely they are to impact your business. Sometimes, though, risk mitigation falls on deaf ears. It’s too complicated. It won’t make a difference anyway. You can’t predict the future.
For these resistors, it might help to start things off with what your company stands to lose. Something as isolated as your website crashing can and will lead to even greater levels of long-term damage to your company, but a crash is just one of the potential catastrophes you have to protect your company against.
Risk, threats, and the damage they can do are the reasons you cannot hide your head in the sand. Of course, you can try to hide; many companies do avoid facing these issues for as long as possible. BUT all it takes is one breach (think Yahoo, Equifax, Target), and you might not have the chance to rebuild trust with your customers.
Here are just a few crippling ways a risk can turn into a real-life threat and mess you up:
- If your site crashes, you can’t sell your products, and if you can’t sell anything, your cash flow will be interrupted
- If your site stays down for hours or worse, there’s a data breach, your brand’s reputation will be tarnished, and it could take months of scrambling to re-establish trust… if that’s even possible, depending on the nature of the breach or site failure.
- As your reputation gets dragged through the mud and sales fall off, you risk losing market share, which is difficult to regain in the short run.
- The reputation problems escalate into personnel losses, as qualified people start leaving the company to find something more stable.
- Then there are those unplanned costs from acts of nature as well as technological breakdowns. Data recovery aside, you may need to repair physical hardware, hire specialists, or pay penalties, fines, and legal fees.
If your website goes down, you might still be able to maintain contact with customers through other channels, like mobile or email. But what if you’re a pure player and you live and die by your e-commerce website? The damage done to your company could take a few hours to address or a few years.
Double Jeopardy: Database Threats and Marketing Risks
Marketing is not an exact science, so marketers accept that there will always be a level of uncertainty about the campaigns we launch and the strategies behind customer engagement. Despite that acceptance, you still need to minimize potential damage where you can. Two areas you need to assess are the general threats to any company maintaining a database and the risks that are specific to marketing.
The Most Likely Threats to Your Data
The threat we hear about the most is the breach when customer data is illegally taken from a brand’s network. A single breach can destroy all the time and care you’ve put into building a relationship with your customers, but breaches are not the only threats your database may be exposed to:
- Data loss: This is the worst threat of all, even more damaging to a company’s daily business than a breach because the data is completely destroyed. Like a breach, this severely affects a brand’s reputation.
- Denial of access: Similar to a data breach, denial of access takes place when the system is hacked and the data is still there, but no one in your company can access it. A recent trend is that hackers will hold the data hostage until a ransom is paid.
- Denial of service attack: Still widespread today, this kind of attack is designed to block access and ultimately crash a network by overwhelming the system with messages and authentication requests.
- Lack of tech support from leadership: Unlike the external threats mentioned above, this threat originates inside your company, and it’s not a specific action as much as it’s a lack of action. A 2018 RIS study found that 34% of retailers say they’re up against internal resistance to change (not just in terms of data or marketing, but change of any kind) and 33% said their companies are slow to respond to change.
Risks in Marketing
If you’re a marketer, you assess risk on a daily basis. How likely is your Facebook ad campaign to engage customers? Will the campaign give you the response you needed to justify what you spent on it? Even with established methods, you’re always evaluating the pros and cons, the costs and rewards.
How many times have you heard that playing it safe is not a sound plan for the future? That part of being a successful company with a competitive marketing team requires innovation, and innovation is often a high-risk, high-reward proposition?
Sometimes that really risky move is exactly what your company needs to do, and by performing a proper risk assessment for every project and strategy, you can justify going out on a limb, which you will have to do from time to time. Your job will be to judge various known and unknown risks during the following stages as you build a campaign:
- Initial planning: At this stage, risk comes in the form of stakeholders not understanding the scope or objectives of a project. If all parties are not aligned to begin with, the likelihood that the project will stall or fail goes way up.
- Opportunities: Every opportunity needs to be vetted before you commit budget and staff, and while many opps are known quantities and relatively safe, you will come across those that require further research before you go after them.
- Campaign development: During this stage, sometimes you lose sight of the original objectives in an effort just to make the thing work. It’s a big risk though, because if you go too far off the original roadmap, success is undermined.
- Launch: Here you assess the risks your campaign may face during and after it’s launched. Likely risk suspects would be changes in the marketplace that you could never have seen coming. Or perhaps a competitor beats you to the punch with their messaging, and now it looks like you’re the copycat.
- Campaign success: You got your campaign out the door, but the monster of all risks is still looming. Will your campaign bring in the responses you need?
Clearly, there are risks everywhere you turn, but you can defend yourself.
Part II of this series covers your next step: formally customizing an assessment protocol that addresses the data and marketing risks specific to your industry.