When customers leave your business it can crush your revenue, and it’s really difficult to get those customers back. According to the “2018 Cost of a Data Breach Report,” conducted by the Ponemon Institute and sponsored by IBM Security, health, financial, pharmaceutical and service organizations are more vulnerable to churn because customers also have higher expectations for the protection of their data in these highly regulated industries.

There is an untapped ally in your business that can help you not only reduce customer churn but also improve your brand image and delight your customers — your security team. One thing I have observed since I joined IBM Security is that security teams are uniquely positioned to help marketers keep the customers they have and gain new customers, especially when their competition has a security issue.

Why Are Customers Leaving?

There are three common reasons customers leave a business.

1. Bad Customer Service

An Oracle study found that almost nine in 10 customers have abandoned a business because of a poor experience. When I look at bad customer service through a security lens, I tend to think about ensuring data is safe and that systems are available.

By protecting your customer’s data with things like encryption, strong identity and access management (IAM) controls and data life cycle management, marketing’s job of keeping customers is made easier. Further, when your business infrastructure is able to repel and withstand attackers, your customers can count on you to provide the services they need. Things like distributed denial-of-service (DDoS) or malware attacks should not get between you and your customers.

2. Poor User Experience (UX)

We’ve all been there: You try to sign up for a new service and get stuck in a frustrating loop of trying to create a password that meets irritatingly weird requirements. Marketers and security teams need to team up to deploy ways to authenticate that are frictionless and fast, and only challenge customers or employees if there is a high risk.

This is why passwordless authentication, FIDO integration and even decentralized identity are fascinating. Each makes it easier to access the systems or applications we all count on, but increase the strength of the security that protects the data housed in those apps.

At the 2019 IBM Security Summit, IBM Fellow, Vice President and Chief Technology Officer (CTO) Dr. Sridhar Muppidi talked about how, with next-generation identity and access controls, we can drive down customer friction while increasing customer control. This combination of lower friction and higher control has an interesting byproduct: increased trust.

But that trust is not just from the customer’s point of view. With strong authentication, a business, and therefore marketers, can be assured that when a customer accesses a digital experience (things like apps, websites, etc.) they are confident that they are their customer.

Going a step further, tools like adaptive access use multimodal machine learning security risk models to provide real-time risk determination based on context (time, location, user behavior attributes, device info, etc.). This can increase or decrease the amount of friction a consumer experiences. The impact of adaptive access to build incredible user experiences is enormous.

3. Loss of Trust

What goes through your mind when you hear that a company has lost your data? From misuse to theft, the result of a data breach or privacy violation is the same: eroded trust. Good security helps your customers feel the confidence they need to continue to work with you.

I recently asked IBM’s CTO of Marketing and Digital Sales Jessica Criscione to give me an example of something that was invisible and that improved customer experience. Her answer, “Not having security breaches,” is telling. Good security hygiene, especially with customer data, has a direct impact on marketing success. Earning new customers is six times more expensive than keeping the ones you have under the normal condition, according to ThinkJar, and earning them back after they’ve lost trust is even harder.

Marketing and Security Need to Collaborate to Delight Customers

If you are in marketing, you are probably intimately aware of the above reasons for customer churn and have likely built programs and metrics into your business to address these (and likely many more). Eventually, I’d like to see marketing teams include the value that security brings in their metrics, but first, leaders in both disciplines need to collaborate more often to improve and deliver great customer service, build delightful (and fast) onboarding and drive customer success.

When I talk to leaders in marketing and security, these conversations are not a normal part of doing business. One leader said, “I haven’t found that the security teams talk to marketing very often. When they do, it’s usually to hop in randomly for an ‘assessment’ out of context, and they are usually trying to have discussions with the wrong team members.” This randomness creates frustration, confusion and extra work inside your business.

Opportunistic chief information security officers (CISOs) and chief marketing officers (CMOs) should see this as a chance to align their teams and create smarter practices between them. This is especially important considering the cybersecurity skills shortage. Having your marketing teams not only aware of security but also able to better implement and support your security posture is a win for everyone.

Get Everyone on the Same Team

After talking to Criscione and others about how to improve the collaboration between security and marketing teams, she suggested that security teams could best help by:

  • Sharing contacts on the security team that can advise on security and compliance topics
  • Providing clearly defined standards and specific testing tools and methodologies
  • Finding ways to build security into regular workflows

These are very achievable, practical suggestions that any security team could adopt or any marketing team could ask for. To all the marketing teams out there, partner with your security teams, take advantage of what security has to offer. Security and marketing teams are both focused on ways to control customer churn, deliver a great customer experience and avoid the loss of trust that can happen to any business when they have a security incident.

As someone that has spent nearly 20 years working with and around marketing teams, I see a ton of alignment between the two disciplines. Security is a team sport — it’s time for CMOs and CISOs to join forces.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today