Blog Technology

Cybersecurity Perspective: The Convergence of the CISO and CMO

5 min read
Share In a Post:
Dana KringelAccount Supervisor

Tell me if you’ve heard this one:

A Chief Information Security Officer (CISO) and a Chief Marketing Officer (CMO) walk into a bar. The CISO turns to the CMO and says, “Actually, we have a lot to talk about.”

The joke here is that it’s not funny at all. As unlikely a pair as they may seem, the CISO and CMO are on the same team for a reason, and in today’s rapidly advancing cyber threat landscape, their incentive to collaborate with each other is more apparent than ever.

In this article, PAN will dissect how the CISO and CMO relationship has changed over the years and where their duties converge today. Here are three places in particular where the industry has evolved and we are seeing those roles intersect:

1. Maintaining brand reputation in a security crisis

Data breaches are no longer a question of if, but when.

No organization’s business continuity plan is complete without a crisis communications strategy. Consider that there are the obvious detrimental effects of a cybersecurity failure, from fines to ransomware payments. But brand reputation stands to suffer even more, and this can cost a company a lot, for a long time. ExtraHop’s The True Cost of a Security Breach found that of the five companies it examined post-breach, net income was down an average of 73% in the third quarter following each company’s breach announcement.

These long-term losses can be mitigated through careful crisis communications, and these should be hashed out between the CMO and CISO. Where a CMO has the communication skills, a CISO has all the information customers may want in the event of a data breach: what occurred, how it was handled, and how the company plans to mitigate moving forward. Together, they can work to build a continued level of consumer trust through difficult times.

Related Read – The Cybersecurity Comms Problem That We Need To Resolve

2. Securing data in slightly different ways

Insider risk is at an all-time high, and marketing teams own valuable data.

Given the nature in which a marketer wants to secure leads, a security professional needs to literally secure them. Marketing teams are the keepers of a wealth of customer and partner data – exactly the kind of information a threat actor would be looking to leverage. Insider threats remain one of the most common reasons for a data breach. While insiders are rarely malicious, a marketing team member with poor cybersecurity hygiene could be the difference between a regular Tuesday and a full-network shutdown. 

Marketing teams need to be as security savvy as possible about the data they own and the assets they access. A CISO can provide cybersecurity training that gets employees up to speed on basic security measures – multifactor authentication, phishing emails, and more – and ensures brand protection is top-of-mind at the marketing level.

Related Read – How to Work with Your Integrated Marketing & PR Firm to Build Awareness, Drive Leads and Support Growth 

3. Marketing security to customers (No, really)

Customers now care about the security and privacy of their data. 

If someone asked 10 years ago how much customers cared about their data, they’d probably get laughed out of a room. But in today’s digital-first world, customers have a lot of opinions about who should collect their data, when they can use it, and how it should be secured. The 2024 Thales Digital Trust Index found as many as 87% of consumers expect basic levels of data privacy to be met, including the right to be informed if their data is being collected (55%), and the right to have that data erased (53%). The previous year’s report found that 21% of consumers stopped using a company who suffered a data breach, of whom 42% requested they delete their information altogether. 

It’s in every CMO’s best interest to have a good understanding of their organization’s security capabilities, and for them to communicate those capabilities to their customers and partners. Not only can this provide a level of comfort during lead capture moments, but it also can be an essential part of marketing campaigns to encourage further trust in a brand.

In the world of unlikely duos, the CISO and CMO actually… aren’t that unlikely a pair. While their strategies are different, their goals intertwine. The CMO owns the brand and the CISO protects it, and that means these two should be communicating often to meet each other at the critical intersection of digital experience and trust (or at the bar, whichever works).

At PAN, we’ve handled cross-storytelling of all kinds. Keep your eyes peeled for more cybersecurity expert perspective on the cross-connection of the CISO and CMO. In the meantime, we invite you to dig deeper into another key factor influencing brand trust – artificial intelligence (AI):

Read Across the Divide: The Pitfalls and Potential of Building a Partnership with AI, the latest installment of the PAN Brand Experience Report series

An image of PAN's Brand Experience Report on the Potentials and pitfalls of AI for marketers

In our annual Brand Experience Report, we asked marketers and customers how they are using and experiencing AI to better understand how the technology is changing that relationship.