Why CMOs and CISOs should be BFFs

The needs of marketing and IT/security teams rarely overlap in a way that’s beneficial for both, but in the words of the great Bob Dylan, the times, they are a-changin’.

Recent developments in both marketing and security have made it more important than ever to have a strong, strategic alignment between these teams. The clearest example that should jump out at you is brand security. There are direct consequences for both teams when they don’t prioritize brand security.

If your company suffers a breach, IT is not the only team that will suffer from the fallout. The marketing team will feel the consequences too. For instance, a breach could lead to a loss in customer loyalty for which the marketing team will bear the responsibility. That loyalty hit will then lead to a loss of revenue because 70 percent of people will stop doing business with a brand that suffers a data breach. Or marketing may need to execute a PR strategy to mitigate the reputational damage.

On the other side, hackers are waiting to take advantage of the press that you generate for your brand — even positive coverage. We have talked to security teams that see a direct correlation between marketing pushes/PR announcements and attacks trying to spoof the brand, leveraging the increased brand awareness for their own ends. Simply aligning with your security teams on these announcements can preemptively strengthen your defenses.

It’s a vicious cycle, but the good news is that you can reduce the risk. Marketing and IT alignment can be a critical piece of a strong security posture, providing a healthy balance of brand security and brand lift.

Let’s look at DMARC specifically, because there are three clear marketing benefits. 

If you aren’t pushing your Security and IT teams to pursue a DMARC project, you’re missing out.

1.  Third-Party Sender Visibility

The first step of a DMARC project will reveal all email senders using your company’s domain. I can tell you from experience that it is extremely easy to set up an email-sending service without going through the right IT chain of command — and there’s no doubt that many people in your company have discovered the same thing. Once you’ve enforced a DMARC policy for your domain, two things happen:

• emails from these unauthorized systems will no longer be delivered, and
• you will have complete visibility into all third-party email sending systems.

It’s almost guaranteed that this process will uncover redundant tools, saving you money and helping create a full understanding of your tech stack.

2. Increased Email Deliverability

In the same way that Google does not release details on the search engine ranking algorithm it uses, email receivers have been tight-lipped about the precise deliverability benefits of DMARC. But based on what we’ve seen with customers, we estimate that you can expect to see a 5-10 percent increase in email deliverability when you implement DMARC at enforcement.

3. More Brand Impressions

Another benefit of DMARC at enforcement? BIMI. What’s that? You’ve never heard of it? Well, you are missing out on millions of potential brand impressions. If your company is protected by DMARC, Brand Indicators for Message Identification (BIMI) allows you to validate the legitimacy of your email by displaying your official logo right in the inbox UI, next to your messages.

Research shows that consistent presentation of a brand increases revenue by 23% on average. With BIMI, simply sending your regular emails can have an impact on your ROI.

DMARC protects your brand against exact-domain phishing attempts, improves visibility, increases deliverability, and can (with BIMI) deliver more brand impressions. It won’t solve all of your brand protection problems, but it’s an important example of how an IT/security project can have benefits for the marketing team. And a simple conversation can get the ball rolling on these benefits.