A strong working relationship between your CISO and CMO can bridge the gap between your organization’s information security and marketing priorities, allowing you to use data effectively while mitigating security risks.
Traditionally, an organization’s chief information security officer (CISO) and chief marketing officer (CMO) haven’t had a significant overlap when it comes to day-to-day roles and responsibilities. The CMO focuses efforts on brand growth and marketing strategy, while the CISO focuses on architectural efficiency, reliability and security.
Today, data is the lifeblood of business. Businesses have access to copious amounts of consumer data and use it to gain a better understanding of their market and customer base. To the CMO, this is a gold mine, supplying more detailed insight into the wants, needs, habits and activities of their target demographics. These insights can result in initiatives with large scopes and larger budgets.
On the flip side, the CISO sees the red flags and vulnerabilities that come along with this information: privacy and security threats, technological limitations, and reputational risk. Typically, their response is to reel the scope back in to reduce risk and budget. As you may expect, this can result in internal friction as to who is truly responsible for managing this data, making it more important than ever for the CISO and CMO to establish an effective working relationship.
For your organization to capitalize on the benefits of “big data,” the CISO and CMO must work together cohesively. This can be a challenge initially, as the two not only have different objectives when it comes to the use of data but also face difficulties in effectively communicating and understanding the other’s perspective. To establish this relationship effectively, the CISO and CMO should follow these critical steps to avoid setbacks or breakdowns in communication.
1. Establish common short- and long-term goals.
This one may seem obvious, but it’s likely the most critical aspect of the relationship’s foundation. Each side will have objectives they want to meet, and those objectives likely steer in opposite directions (especially when it comes to the budget). Where the CMO will look for more data points and more access, the CISO will look for stronger protections and stricter access control.
Rarely, if ever, will the two sides have aligned perspectives about what they should prioritize. To avoid issues and breakdowns in the relationship, establish long-term business goals and intermediary milestones to ensure that both sides are working toward a common goal.
2. Break down the communication barrier.
Anyone working within the IT realm has seen it. You start explaining the details of an issue or a project. You try to keep it simple, avoiding technical terms and acronyms as much as possible, but then you notice others’ glazed-over eyes and nodding responses. You could be using completely made-up terminology for all they know.
If you expect others to understand your perspective, they will need to understand the language you use, especially when it comes to security. The same goes for those within IT trying to understand marketing jargon and methodologies. Breaking down these barriers by educating the other on the simplest terminology can go a long way to increasing the effectiveness of the relationship.
In addition to simply breaking down the language barrier, having a better understanding of mindsets and concerns will result in bringing better proposals to the table. Identifying the information and reasoning that will be valuable to the discussion for outside groups beforehand will result in conversations that are more open and productive.
What is a security framework? Why does working in a cloud environment present different risks and challenges? Why are these data points relevant to marketing? Why does some data create a greater risk than others?
Things that may seem simple and obvious to you may not be so clear to others.
This may mean that you need an intermediary party with a better understanding of both sides to facilitate conversations. Establish common ground and ensure there is nothing lost in translation as an important part of creating a functional and effective relationship.
3. Establish a communication plan
As with any relationship, communication is key. Establishing a recurring sit-down or planning session together will help ensure any new ideas or needs are on the radar and both sides will give them the appropriate consideration. You should determine the frequency of these meetings based on the volume of work you are performing together or upcoming goals and milestones.
If you bring an intermediary into the fold, they should be part of these conversations as well. These sessions should serve as a chance for each side to better understand the wants, needs, and challenges the other faces.
As the business world continues to shift, the lines separating the traditional organizational charts will continue to blur. It’s critical to establish effective relationships among all the departments and layers of an organization. Take steps to ensure those relationships are open and reciprocal to help generate success not only for those parties but also for your organization as a whole.
Cybersecurity can feel overwhelming, but it doesn’t have to be. Our white paper explains effective approaches to managing cyber risk in your company.
