• News
  • Columns
  • Interviews
  • BW Communities
  • BW TV
  • Subscribe to Print
BW Businessworld

CISO And CMO: A Shared Agenda For Cybersecurity

To leverage the advantages of a phygital world, enterprises need to adopt a concept in which elements of information security dovetails into marketing to deliver a singular experience.

Photo Credit :


The understanding and implications of branding have been evolving at a breakneck speed since the emergence of consumer internet at the turn of this century. From being a mark for identification and differentiation, branding has acquired a key role in businesses largely due to the changing social contract between consumers and brands. Today, consumers expect their brand experiences to be online and personalized and therefore, digital has become crucial to offering these experiences. As consumers now willingly share their personally identifiable information in the form of email addresses, passwords, financial data, and much more, it is no surprise that cybersecurity threats in the internet age pose a major risk to businesses.

This calls for a synchronized and coordinated response from two mutually exclusive functions - information security and marketing. To understand the future of enterprises and secure it robustly, we need to look at how we got here, how the context has changed, and most importantly, what a shared agenda between a Chief Information Security Officer (CISO) and a Chief Marketing Officer (CMO) looks like. 

Cybersecurity in a data economy

Although cybersecurity is majorly considered the domain and responsibility of the IT department, we have seen the mainstreaming of cybersecurity largely due to hacks, breaches, and cybercrimes targeting consumers.

In a world where every visit, click, or transaction results in a trail of multiple data points, we find ourselves well and truly entrenched in a data economy. While increased digitization prompted by the COVID-19 pandemic has gone a long way in providing convenience and personalized solutions for consumers, it has also been matched in the scale and sophistication of cybersecurity incidents. 

From an organizational perspective, it is estimated that nearly 65% of consumers lose trust in a business and 85% are less willing to deal with an organization following a cybersecurity incident. The data economy is here to stay and with such high stakes, companies must involve the CISOs to secure the consumer data and overall business interests.

Brands in the digital age

According to a recent study conducted by Interbrand, the brand value at risk for the world’s top 100 brands due to a data breach could be as high as $223 billion. This could be largely owing to the intangible value acquired by brands due to their changing relationship with customers in a digital age.

The core strengths of a brand also determine the companies’ ability to develop and deliver new products and enable new revenue models in unfavorable market conditions. In a digital age where trust and credibility determine customers’ loyalty and continued business, CMOs must co-opt the CISO in an ongoing effort to protect and strengthen their brands against tangible and intangible risks. 

The shared agenda for the CISO and CMO

In the given context, there is a strong interplay between the CISO and CMO because of the positive outcomes a seamless collaboration and a shared agenda can yield:

Protecting and promoting the brand in a digital world

CMOs invest a bulk of their efforts in promoting or differentiating their brands. However, given the brand value at risk from data breaches, perhaps it is time for CMOs to include brand protection as part of their agenda as well. And in a digital age, this would by default subsume elements of cybersecurity and the involvement of the CISO.

Securing the MarTech stack

As data becomes a core pillar of business and marketing decision-making, companies need to manually handle a lot of sensitive consumer data, including personally identifiable information (PII). However, as the volume of data increases, the manual process is likely to hit a ceiling. To avoid this, companies must invest in a secure and state-of-the-art MarTech stack and a strong tech infrastructure to back up both branding and cybersecurity functions.

Ensuring partner ecosystem compliance

Conventionally, a CISO is charged with securing the internal network of an organization. However, marketing in its modern avatar is a collective of multiple sub-functions that involve an ecosystem of partners, vendors, and extended teams with a seamless flow of data and information between them. It is critical to ensure that all parties involved are governed by a uniform standard of compliance.

Proactive crisis management and communication

Despite all the systems and processes in place, hacks and data breaches are an unfortunate reality of the business landscape today. And the worst breaches have occurred at the most unlikely enterprises despite all their efforts. With crisis communication and preparedness becoming a priority for business continuity, it is critical for the CISO and CMO to address and communicate with internal and external stakeholders in a timely and transparent manner.

That said, data protection, privacy, and the broader theme of cybersecurity are no longer part of a narrow operational function in this new digital-first environment brand promise and experience matter the most to a customer. To leverage the advantages of a phygital world, enterprises need to adopt a concept in which elements of information security dovetails into marketing to deliver a singular experience

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.

Tags assigned to this article:
cyber security infosys technologies

Vishal Salvi

The author is Chief Information Security Officer & Head Cyber Security Practice, Infosys

More From The Author >>