BLOG POST

A stronger connection is evolving between CMOs and CISOs, especially in regard to current and future regulations related to customer consent and preference management. Regulations impact everything from incident response plans and data privacy policies to cookieless websites and social media platforms.

Marketing and security should be collaborating on these and other initiatives — and they should do so early and often. Yet this is often not the case.

CMO Council’s latest report with KPMG, Marketing and Data Security: the Unlikely Brand Building Partnership, found that 33% of marketers say security organizations are hesitant, even unwilling, to collaborate. And in 65% of campaigns, security isn’t actively engaged by marketing during conceptualization and planning.

Our findings are based on a survey of 256 marketing leaders across industries and geographies. Additionally, we conducted in-depth interviews with marketing or security executives from Teradata, CDW, The Doctor’s Company, and PSEG Long Island.

The survey found a collaboration blind spot with marketing campaigns. Only 35% of marketing-security partnerships collaborate during campaign conceptualization and planning. For the vast majority of campaigns, security isn’t actively engaged by the marketing team until after they’re already in motion. Among less-evolved marketing-security partnerships, more than half (53%) don’t collaborate on campaigns at all.

“The relationship between marketing and information security absolutely has to evolve because of the unknown territories we’re in, such as the influx of GenAI and the role of trust and privacy,” says Aditi Uppal, vice president of digital marketing and demand generation at Teradata.

Data protection starts with an understanding of what data is collected, purposes for which it’s used, and with which third parties it’s shared. Proactive collaboration between security and marketing teams can streamline this process and make the job easier for each respective team, is a key recommendation.

PSEG Long Island’s John Kupcinski says companies have a risk appetite — tolerance and exposure — and the job of cyber is to draw tolerance down through corrective means and limit exposure as much as possible.

Cybersecurity can be an effective partner to collaborate on innovative security features, Kupcinski says. (Kupcinski’s personal opinions in no way reflect the opinions or positions of PSEG Long Island.)

AI Threat

Brand hijacking, unseemly online ad placement, and customer data breaches are just a few of the security incidents on the rise. There’s no shortage of alarming stats. Marketers haven’t missed the warning signs either. Two-thirds of marketers say security breaches of customer data are top of mind when planning initiatives, making investments, and executing campaigns, our study found.

Better collaboration can reduce risk — but it’s a two-way street. Marketing leaders need to understand, at a high level, how to protect data. Security leaders need to consider how to structure data management and protection thoughtfully to avoid limiting business agility.

The top marketing initiative posing the greatest security threat is the use of AI, followed by customer behavioral data and Internet of Things, according to our survey. Gartner also cites generative AI (GenAI) as a driving force behind top cybersecurity trends in 2024.

CMO Council’s key recommendation here, is to prepare your business to be at the forefront of AI technology in your industry by acutely examining your data collection, storage, and usage across functions.

“With the proliferation of AI, specifically around chatbots like ChatGPT, it's imperative that TDC employees remain diligent in our efforts to safeguard sensitive data,” says Jesmine La Russa, VP, Marketing, The Doctor’s Company.

Our study found that 46% of marketing-security partnerships that are willing to collaborate were “very satisfied” in their ability to preserve brand reputation. Only 1% of marketers in a partnership that is less willing to collaborate said the same thing.

Regular communication about marketing’s intentions with data can help ease tensions. Kupcinski says security should be involved in marketing meetings early and often in order to tailor the marketing output while drawing down risk.

For example, marketing-security partnerships willing to collaborate tend to have regular joint meetings (44%) or regular communications over email and other channels (27%) more so than partnerships less willing to.

As marketers compete on customer data insights and leverage emerging AI technology, the marketing-security partnership will continue to be under the spotlight. This extensive study by  CMO Council and KPMG aims to understand how marketing and security can redefine their working relationship to get ahead.

DOWNLOAD the report for in-depth insights from industry CISCOs,