By Aaron Tan
Thursday, April 05 2007 04:50 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,62002958,00.htm

While most marketers recognize that security breaches can negatively impact the brands of companies, only 29 percent are familiar with their companies' containment plans for security break-ins, a new study has found.

Commissioned by the Chief Marketing Officer (CMO) Council together with Symantec and Dow Jones, the study found that nearly two-thirds of marketers believe security and IT integrity can significantly impact corporate and product brands, while 76 percent recognize that security lapses can weaken their brands. The study was conducted by U.S.-based Opinion Research Corporation, and polled 250 top marketers and over 2,000 consumers in North America and Europe.

The CMO said this imbalance between recognizing the impact of security on the business and actually incorporating it in corporate marketing, provide a clarion call for marketers to be more concerned and involved in addressing the impact of security on brand trust and customer loyalty.

In an interview with ZDNet Asia, Philip Yeap, Symantec's senior marketing director for the Asia-Pacific region, said the same trend may very well be extended to Asia even though the study did not involve marketers in the region.

Yeap said: "If you look at transactions on the Web, it's a borderless world. In developed Asian countries like Singapore and Japan, consumers are equally knowledgeable and expect the same level of protection as their counterparts in New York."

He cited a study by public relations company Edelman, which noted that when a security breach in Japan occurs, consumers would refuse to buy products and services from the affected company and 55 percent of them would tell their peers about the incident. Furthermore, 63 percent said they would not invest in the company and 55 percent would seek legal redress.

Yeap noted that this trend could probably be magnified in Asia because the Internet population in the region is growing at a faster pace, and "will surpass the United States very soon". "Many more people will transact online in Asia," he said.

"The issue is how Asia will grapple with this growth, and make sure we have the right policies and processes to ensure security breaches are mitigated," he added.

Marketers are often unaware of their companies' security policies, due to the lack of communication between IT managers and marketers, he noted.

"And, even if marketers are aware of security polices, they should weave it into their marketing plans as a strong differentiator for their companies," Yeap said. However, the CMO study found that 60 percent of respondents did not consider security to be a significant theme in their companies' messaging and marketing communications.

Citing studies by Emory University researchers in the United States, Yeap noted that a company loses, on average, 0.63 percent to 2.1 percent value in stock price when a security breach is reported. This is equivalent to a loss in market capitalization of US$860 million to US$1.65 billion per incident.

"Marketers should care because it can cripple brand equity and have financial implications," Yeap added.

He noted that in general, concerns about the impact of security on a company's brands are not escalated to the board level. However, once discussions take place across human resource, finance and marketing departments, a more robust strategy can be crafted to address any brand implications, he said.

For example, marketers should get chief executives to be more vocal about the importance of security to their brands, both within and outside the company, Yeap suggested.

"The CEO should become the focal point for all of management to heighten people's security awareness, and that the company is proactively putting processes in place to take care of security issues," he added.

According to Yeap, banks that provide e-banking services have been early movers in emphasizing security in their marketing messages. However, he expects healthcare providers to follow suit, once they start allowing patient records to be accessed over the Internet.

"Security may be more obvious if you're doing business online, but internal security measures are frontiers that people do not think about," Yeap said. "You cannot underestimate potential exposure of your customer information."