Data Breaches and Brand Management: How to Preserve Your Brand Value

With the recent data security breaches at several powerhouses, brands need to find new brand management strategies to maintain their value.

By McNeal Maddox, Clickz

I spent the last few weeks waiting for a letter that I hoped would never come. I was waiting for a letter from Anthem Health Insurance telling me that my personal information was compromised in their recent data security breach. I signed up for the Anthem health plan through my employer, but just like the other 80 million plan participants estimated to be affected by the recent hack, I never signed up for this.

Every day, consumers are becoming more aware of the threat of cybercrime and its potential effects on their lives. Unfortunately, brands consumers trust are often unwitting accomplices. Target. Home Depot. Zappos. Sony. Anthem. Regardless of industry or size, no brand is immune to hacking. Even companies expected to be highly vigilant in guarding against cybercrime such as JP Morgan Chase have been compromised.

"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident." Those aren't the words of Anthem's chief executive (CEO), but instead Zappos' CEO Tony Hsieh, following the 2012 data security breach that compromised 24 million customers' names, addresses and passwords. Aside from the costs of damage control after a breach has been discovered, the stigma attached to the loss of customers' personal information can have a negative impact on their willingness to choose a brand in the future. This calls for a new type of brand management. As more brands depend on customers maintaining online accounts — full of personally identifying information — to generate revenue and remain competitive, brands need to ensure their value propositions around online safety are more than window dressing.

Consider three numbers: 40. 61. 46 percent. Out of context, they're meaningless. Put into context, they show the importance of protecting the people who keep brands in business — especially in the ultra-competitive retail industry. Forty million is the amount of credit card numbers compromised in the Target Thanksgiving hack of 2013. The company spent $61 million in two months to cover damages from the breach. The biggest impact was the ripple effect on corporate profits for the holiday season, as Target suffered a 46 percent loss in profit from same-quarter sales year-over-year. The most mind-boggling aspect of the whole incident was that Target had spent more than $1 million to implement preventative cyber security and measures six months before it even happened.

Another cautionary tale is Sony Corp. The highly publicized breach at Sony Pictures earlier this year revealed once again that the billion-dollar, multi-national entertainment brand was lax in protecting its digital assets — similar to the incident that occurred with its PlayStation division in 2011. The issues with protecting customer data and their own employees' information raise serious concerns about entrusting sensitive personal information to any network that Sony operates. As Sony plans to launch its Vue premium cable-over-the-Internet service in 2015, the company's poor track record of protecting customers' personal information could impact its ability to attract new subscribers. With so many banking, retail, and entertainment options for consumers to choose from, and practically zero switching cost, security and privacy become more than just table stakes. They can provide a competitive advantage for brands.

Craig Spiezle, executive director and founder of the Online Trust Alliance, emphasizes brands' new role in protecting customers' personal information: "Privacy and security are important brand differentiators and companies need to move from a mindset of meeting compliance requirements to becoming a steward of consumer data." Nuala O'Connor, current president and CEO of the Center for Democracy and Technology and previous global privacy leader at General Electric, acknowledges that privacy and security have to be a cross-functional priority for companies, enhancing the marketing strategy with input from privacy and security experts: "Privacy professionals need to be engaged with teams across the organization, not just IT, legal, and compliance departments. They should participate in early stage product design processes, meet with the engineers and customer services representatives and take part in marketing and sales efforts."

No one wants to receive the dreaded "We regret to inform you..." letter or email from a trusted brand notifying them that their personal information has been compromised. The resulting potential for lost revenue and customer loyalty is even more worrisome to brands that allow customers' sensitive personal information to be exposed. With so much at stake, it's important for brands to ensure that claims of safety and privacy aren't just marketing fluff and that it is actually part of an overarching brand management strategy, but backed by solid systems and policies designed to protect customer data. Because most customers don't send letters or emails to notify companies about steps they're taking to resolve a situation after their personal data is exposed. Most customers just disappear as suddenly and silently as their data did.