Destination data breach — the unexpected stop on the customer journey



Photo credit: Adapted photo from Unsplash, Nigel Tadyanehondo

Recent data breaches (Under Armour, Chipotle and Uber are just a few that spring to mind) show that the frequency of these incidents is quickening and the impact is widening, forcing both IT and business teams to make data security an intentional piece of their business strategy. And with GDPR in effect, companies must now identify a breach, discover who has been impacted, and notify vulnerable individuals in three short days according to the 72-hour customer breach notification rule. With 81 percent of security professionals anticipating a cyber attack this year, we’re now at a point where even CMOs must develop their own strategy to minimize the impact of a breach on the end-to-end customer experience.

People don’t forget
Breaches used to be the sole domain of CSOs or CISOs. But savvy CEOs and boards have become increasingly involved given the impact on shareholders, customers and corporate reputation. One in five customers would completely stop a relationship with retailers after a cyber attack, while one in three customers would take a long-term break.

Given customer loyalty is primarily driven by trust, CMOs now have an obligation to promote trust through thoughtful and intentional interactions. They can no longer limit the customer journey to onboarding, upselling or cross-selling. Like it or not, CMOs must also plot breaches as a likely destination on the customer journey. Otherwise, they risk eroding trust further in times of breach.

Who wants to receive a generic promotional email for a trip to Tahiti from an airline right after their data has been compromised? If anything, the message will likely deteriorate the relationship with the customer even more.

Marketing departments inherently know this, but very few have the capability to create a tone-appropriate customer experience mid-journey when an exceptional event occurs. Unfortunately, all too many companies keep their customer experience engines running as though nothing had changed. If a company blasts inappropriate or irrelevant communications in the aftermath of a data security issue, customers may feel justifiably upset, when really all they want to know is how their data will be protected now and in the future.

Customer expectations have changed, and the impact of these communications missteps and mistakes is sometimes irrevocable. One in three millennial consumers say there’s nothing a brand can do to win them back after a negative experience. The stakes are high for CMOs, but there are clear steps companies can take to better incorporate security breaches into their customer journey.

Know what you don’t know
First, CMOs need to work closely with CSOs and CISOs before, during, and following a security breach to ensure the customer journey strategy is aligned with the security strategy. CMOs should not only be included in Disaster Recovery and Business Continuity Planning exercises, but also be vital decision-makers in breach-handling exercises.

On the other hand, CSOs and CISOs should have a voice in relevant marketing initiatives. For example, CMOs should have security-minded stakeholders and legal consultants weigh in on preventative measures the marketing team can proactively take to protect customer data and ensure GDPR preparedness. For instance, the new 72-hour customer breach notification rule means a sharp increase in unplanned touchpoints with customers. If marketing and security teams don’t coordinate, they risk oversaturating customers with alerts, promos, and chaotic, tone-deaf communication.

Dear [insert name here].
CMOs must also ensure they have a cross-departmental, up-to-date, unified customer record that includes each customer's historical interactions, current status, and likely intentions. Having the capability to quickly react to a security breach and put out a coordinated, tone-appropriate customer outreach is not just beneficial for customer relationships — it’s a competitive differentiator.

For example, consider a malware attack that left thousands of retail customers’ credit card information vulnerable. Identifying those affected is only step one. An incorrect email or an out-of-date address could be the difference between salvaging your customer relationship and adding insult to injury with a communications misstep.

Let’s still be friends
Finally, CMOs must acknowledge that customer journeys are neither linear nor one-size-fits-all. Too many customer journeys are designed for a “point-A-to-point-B” sales process, versus the reality of customers’ dynamic needs. Today’s customers expect tailored experiences that map to what they’re going through — and this includes data breaches.

So if a customer’s password and username are breached, rather than driving the customer to the next upsell, companies should communicate timely instructions on how to reset her login information. The customer will likely have a more positive response to the interaction, and feel more trust toward the brand. The company may also want to include offers for discounted or free services to offset the pain she’s experienced. Being able to take this kind of customized detour will ultimately help customers return to the original course — including an eventual upsell.

CMOs who prioritize and plan appropriate outreach as a key touchpoint in the post-breach customer journey will win back customer trust, giving their companies and customers another opportunity to engage under more favorable circumstances. Be loyal to your customers, and they will be loyal to you.

Ted Bardusch
As the CISO for Usermind, Ted Bardusch is responsible for all aspects of security and compliance for the company. A 25-year security veteran, Ted built his own firewalls and won several “Capture the Flag” hackathons.

