[BreachExchange] Destination data breach — the unexpected stop on the customer journey

Mon Jun 25 19:51:00 EDT 2018

http://customerthink.com/destination-data-breach-the-unexpected-stop-on-the-
customer-journey/

When thinking about recent data breaches (Under Armor, Chipotle, Uber are
just a few that spring to mind), the frequency of these incidents is
quickening and the impact is widening, forcing both IT and business teams
to make data security an intentional piece of their business strategy. And
with GDPR in effect, companies must now identify a breach, discover who has
been impacted, and notify vulnerable individuals in three short days
according to the 72-hour customer breach notification rule. With 81 percent
of security professionals anticipating a cyber attack this year, we’re now
at a point where even CMOs must develop their own strategy to minimize the
impact of a breach on the end-to-end customer experience.

People don’t forget
Breaches used to be the sole domain of CSOs or CISOs. But savvy CEOs and
boards have become increasingly involved given the impact on shareholders,
customers and corporate reputation. One in five customers would completely
stop a relationship with retailers after a cyber attack, while one in three
customers would take a long-term break.

Given customer loyalty is primarily driven by trust, CMOs now have an
obligation to promote trust through thoughtful and intentional
interactions. They can no longer limit the customer journey to onboarding,
upselling or cross-selling. Like it or not, CMOs must also plot breaches as
a likely destination on the customer journey. Otherwise, they risk eroding
trust further in times of breach.

Who wants to receive a generic promotional email for a trip to Tahiti from
an airline right after their data has been compromised? If anything, the
message will likely deteriorate the relationship with the customer even
more.

Marketing departments inherently know this, but very few have the
capability to create a tone-appropriate customer experience mid-journey
when an exceptional event occurs. Unfortunately, all too many companies
keep their customer experience engines running as though nothing had
changed. If a company were to blast inappropriate or irrelevant
communications in the aftermath of a data security issue, customers may
feel justifiably upset, when really all they want to know is how their data
will be protected now and in the future.

Customer expectations have changed, and the impact of these communications
missteps and mistakes is sometimes irrevocable. One in three millennial
consumers say there’s nothing a brand can do to win them back after a
negative experience. The stakes are high for CMOs, but there are clear
steps companies can take to better incorporate security breaches into their
customer journey.

Know what you don’t know
First, CMOs need to work closely with CSOs and CISOs before, during, and
following a security breach to ensure the customer journey strategy is
aligned with the security strategy. CMOs should not only be included in
Disaster Recovery and Business Continuity Planning exercises, but also be
vital decision-makers in breach-handling exercises, as well.

On the other hand, CSOs and CISOs should have a voice in relevant marketing
initiatives. For example, CMOs should have security-minded stakeholders and
legal consultants weigh in on preventative measures the marketing team can
proactively take to protect customer data and ensure GDPR preparedness. For
instance, the new 72-hour customer breach notification rule means a sharp
increase in unplanned touchpoints with customers. If marketing and security
teams don’t coordinate, they risk oversaturating customers with alerts,
promos, and chaotic, tone-deaf communication.

Dear [insert name here].
CMOs must also ensure they have a cross-departmental, up-to-date, unified
customer record inclusive of all historical interactions, current status,
and what their intentions might be. Having the capability to quickly react
to a security breach and put out a coordinated, tone-appropriate customer
outreach is not just beneficial for customer relationships — it’s a
competitive differentiator.

For example, consider a malware attack that left thousands of retail
customers’ credit card information vulnerable. Identifying those affected
is only step one. An incorrect email or an out-of-date address could be the
difference between salvaging your customer relationship and adding insult
to injury with a communications misstep.

Let’s still be friends
Finally, CMOs must acknowledge that customer journeys are neither linear
nor one-size-fits-all. Too many customer journeys are designed for a
“point-A-to-point-B” sales process, versus the reality of customers’
dynamic needs. Today’s customers expect tailored experiences that map to
what they’re going through — and this includes data breaches.

So if a customer’s password and username are breached, rather than driving
the customer to the next upsell, companies should communicate timely
instructions on how to reset her login information. The customer will
likely have a more positive response to the interaction, and feel more
trust toward the brand. The company may also want to include offers for
discounted or free services to offset the pain she’s experienced. Being
able to take this kind of customized detour will ultimately help customers
return to the original course — including an eventual upsell.

CMOs who prioritize and plan appropriate outreach as a key touchpoint in
the post-breach customer journey will win back customer trust, giving their
companies and customers another opportunity to engage under more favorable
circumstances. Be loyal to your customers, and they will be loyal to you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180625/d3afa249/attachment.html>