Data-security events in the modern era could be categorized as "Before Target" and "After Target." The effects of the company's late-2013 data breach of as many as 110 million consumer records and credit-card numbers continues to ripple -- even reaching marketing departments across the country.
The Target breach and subsequent media coverage "put some wind in the sails" of a previously-backburner cyber-security-task-force initiative at Estée Lauder Cos., said Teena Lee, VP-privacy and e-commerce counsel at the beauty firm. "The conversation now is getting a little bit more organized."
Lately when people at Estée Lauder are developing a new branded mobile app or implementing an
e-commerce program, data security and privacy concerns are top of mind. That means more work for Ms. Lee and her staff. "Now I'm actually one of the first calls," she said.
Estée Lauder's Global Information Systems team vets vendor security, added Ms. Lee. "I tap into my partners in GIS Risk, saying, 'We've got this thing getting built. I need you to vet the vendor from a data-security perspective and advise on anything we need to add to the program to make this secure.' "
A variety of culprits can be responsible for a data-security breach: anti-corporate activist hackers, organized criminals, groups backed by adversarial nation states seeking trade secrets -- and perhaps most surprising -- a company's own employees.
One data breach can cost an average of $500,000 for a U.S. corporation, according to a 2013 PwC study. On top of that, not only is a company's stock price destined to drop, but brand reputation is damaged and customers become wary. PwC reported customer churn rises almost 4% as a result of data breaches.
"What has very carefully and strategically been built, all of that can be unraveled very quickly in the context of a data breach that hits newspapers," said Emily Stapf, director of forensic technology at PwC. Corporations victimized by a data breach typically employ forensic services to uncover the causes of a data leak.
Historically, companies have placed data security under the purview of their IT and legal execs. In today's post-Target environment, security conversations have climbed their way to the boardroom. Now brand-conscious CMOs and other marketing execs want a seat at the data-protection table, too.
"This is part and parcel with putting together a marketing program," said Ms. Lee regarding global data security at Estée Lauder. "It's not a foreign concept for people here."
"We have actually had compliance where the marketers have asked to look at privacy through their lens," said Carolyn Holcomb, partner and leader of PwC's data-protection and -privacy practice. "In the past we have not seen a lot of marketing execs in this area on the proactive side."