While cybersecurity has traditionally been considered a cost center and a way of remaining compliant, forward-thinking organizations recognize that promoting their security posture can be an excellent way of driving sales, building trust, expanding into new markets, and differentiating from competitors. In this article, we dive into three organizations breaking traditional corporate silos and using their cybersecurity posture as a core pillar of their brand and overall business strategy.
In 2014, Apple’s CEO, Tim Cook, wrote an open letter that addressed Apple’s intention to prioritize security and privacy for its customers. Since then, it has been clear that Apple has incorporated security into every facet of its business. Whether it be differentiating from competitors with its anti-tracking tool AppTrackingTransparency (ATT) or building customer trust with its Mail Privacy Protection, Apple is an excellent example of a company putting security and privacy at the forefront of its product roadmap and brand messaging.
Below we show one notable advertisement where Apple highlights its privacy features while aiming at rivals Facebook and Google.
Apple’s positive cybersecurity reputation helps launch new products and features.
Some big tech companies like Facebook have a poor data security reputation and consistently deal with barriers when launching new products. Apple, on the other hand, has used its strong security and privacy reputation to successfully enter new markets and expand offerings. Not only is Apple able to consistently release products and features that meet the requirements of highly-regulated industries such as healthcare and finance, but they have also gained such strong customer trust that these new offerings, regardless of the private information required, are heavily and rapidly adopted.
In today’s world, messaging apps are one of the most common ways for private information to be exposed on the Internet. While Slack’s mission is to make work-life simpler, more pleasant, and more productive, they also heavily focus on securing data and meeting compliance requirements.
Slack’s security program is built on in-depth defenses and securing the organization at every layer. They focus on delivering identity and device management, data protection, and information governance – without compromising agility. Here are a few ways that Slack has used cybersecurity to build trust and grow its organization:
Slack uses security as an upsell opportunity.
Slack’s security features such as two-factor authentication are only available in their paid plan. Not only does this offer revenue growth opportunities, but it also positions Slack’s security as being sophisticated enough to stand alone in its own category and is worth the paid upgrade for security-conscious users.
Slack incorporates security into its content marketing strategy.
In addition to providing research and articles focused on productivity and communication within the workplace, Slack publishes content that provides cybersecurity education and helps customers understand what they are doing to protect customer data. Breaking corporate silos and incorporating security into its content marketing strategy, even when security is not the company’s focus, has allowed Slack to demonstrate to customers that they take the security of their data seriously.
Founded in 2008, DuckDuckGo is a leading search engine that allows users to search without being tracked by cookies and other technologies. From the start, privacy has helped drive the organization’s growth and has been at the forefront of its value proposition and marketing efforts.
In this privacy-focused advertisement, DuckDuckGo takes a less than subtle dig at Google with a parody of the song Every Breath You Take by The Police.
DuckDuckGo’s privacy reputation helps retain existing customers and gain new customers.
Between Google consistently hitting the headlines after falling victim to cyber-attacks and the rise in privacy-conscious consumers, there has been an influx of people looking for more private ways to browse online. DuckDuckGo has consistently established itself as a privacy leader in the search engine market and is top of mind for consumers looking to switch to a more secure option. With over 100 million daily searches and 6 million monthly app downloads, DuckDuckGo has become North America’s second most commonly used search engine. The positive security and privacy reputation that DuckDuckGo has established will continue to help them achieve record growth year after year.
How are these organizations similar?
The organizations mentioned in this article all have unique security strategies and different ways of promoting their security postures. Among these brands, there are a few similar characteristics in terms of the security efforts they prioritize and how they communicate these efforts with customers.
1. They have all experienced a negative privacy and security reputation at some point.
Up to this point, this article has focused on the strong security postures of these three organizations. However, one consistent thing among these brands is that they have all experienced incidents that have put their positive privacy reputations at risk. Despite this, all of these organizations were able to effectively address the incidents and maintain the trust that customers have in their brands.
- Over the years, Apple has experienced a number of security and privacy incidents. If these incidents had happened to any other organization, their brand would likely not survive. However, Apple’s already-established privacy reputation and Tim Cook’s 2014 announcement prioritizing privacy and security have allowed Apple to continue being a privacy leader in its industry.
- On July 17th, 2022, an independent security researcher disclosed a bug to Slack that impacted the hashed passwords (cryptographically scrambled versions of passwords) of users who created or revoked Shared Invite Links between April and July of 2022. Upon receiving the report from the security researcher, Slack immediately took action. They fixed the underlying bug, began investigating the potential impact on customers, reset the passwords of affected users, and publicly disclosed the incident by August 4th, 2022.
- In May of 2022, a security researcher discovered that DuckDuckGo’s web browser allowed user data to be tracked by Microsoft-owned products like LinkedIn and Bing. Considering DuckDuckGo has been proudly promoting its privacy since the inception of its organization, this discovery received a lot of public criticism. However, CEO Gabriel Weinberg was quick to address this situation and his transparent response was welcomed and supported by DuckDuckGo’s customers. He explained that DuckDuckGo has to permit Microsoft’s third-party trackers in order to display Bing search results in its browser. While Weinberg said they were in discussions with Microsoft to remove this requirement associated with its agreement, he was honest about the fact that its “product is not perfect and never will be. Nothing can provide 100% protection”.
These incidents just go to show that there is no such thing as being 100% secure and private in today’s world. The continuous development of technology and the growing sophistication of threat actors have gotten us to a place where unlimited budgets and advanced security measures do not lead to immunity. When these organizations experienced incidents that impacted their positive privacy reputations, they were honest about why it happened, transparent about the measures they were taking to mitigate the damage and open about how they plan to avoid similar incidents in the future.
2. They are honest about their security measures.
While on the topic of honesty, another consistent trait of these three organizations is that they only promote the security capabilities they are able to deliver and embrace that they will always have something to work on. It can be tempting for organizations to leverage the trending terms in cybersecurity to draw attention to their brand. For example, many organizations claim they are Zero Trust but have not taken steps to enact this type of identity governance. Not only does lying about your security measures do nothing to mitigate the risk they were intended to protect, but it is also easy for consumers to see through.
3. They are simple and transparent when communicating their security measures.
Cybersecurity requires simplicity and transparency to be conveyed in a way anyone can understand. All three organizations offer easily consumable information that clearly articulates why certain security processes exist and how to use them. By demonstrating that they value what is important even outside the functional scope of their products and services, these companies have built customer trust and better positioned their brand in the competitive landscape.
4. They take a layered approach to security.
All three of these organizations take a layered approach to security and do not rely solely on endpoints and firewalls to detect risks. For example, they leverage tools that help them understand where private information might already be exposed beyond the traditional corporate perimeter. Solution providers like Media Sonar offer a cost-effective way for organizations to accomplish this. With Media Sonar Digital Risk Assessments, organizations can leverage a customized report of analyst-identified risks across the social, surface, deep and dark web. The report provides remediation recommendations for your organization to mitigate any identified exposures, indicators of data breaches, and reputationally damaging content.
While these organizations have security strategies and budgets that are nearly impossible for smaller organizations to achieve, these brands can act as blueprints for building a competitive advantage by promoting security and privacy.
Organizations looking to build customer trust through their security and privacy efforts must embrace security as an ongoing loop rather than a line with a start and an end. By identifying gaps and being transparent with customers about how they are being addressed, companies of all sizes can position themselves as deserving of customer trust. And, if competitors’ customers start leaving because of a cyber attack, the brands with strong strong security postures will be ready for them.