By George Butler

Marketers spend a lot of time thinking about the core promise they’re making to their customers, and rightly so. But with such focus on the big, broad promises the brand wants to make, other more tedious, specific ones also creep in.

Promises like “it’s OK, we'll look after your email address” or “don't worry, your bank details are safe with us."

The problem is, your customers can care about these specific promises as much as whether you keep a broad purpose-led promise like ‘to inspire and nurture the human spirit — one person, one cup and one neighbourhood at a time (thanks for that, Starbucks). It’s also really obvious to people when such specific promises are broken.

We shouldn’t need to go through the roll-call of data breaches. But don’t forget TalkTalk lost 100,000 customers and £60m due to a cyber-attack a couple of years back. Marriot International suffered one that affected 500 million of their customers.

So, what do you need to do to stop the data promise being an empty promise?

Understand digital anxiety

Cyber threats are real and need attention. But it’s not that simple for customers.

The paradox is people don’t like the intrusion of having to provide data (whether actively or passively). But they also get annoyed when a brand wastes their time through lack of it.

Customers learning the value of their data is central to breaking the paradox. A recent campaign we did with Kaspersky Lab, the cyber security firm, turned the intangible into something tangible: creating a pop-up called the Data Dollar Store, that allowed people to buy clothing with their personal data.

People can also feel powerless, hence the anxiety. A recent PwC study, ‘’, found that 45% of respondents felt their email or social media accounts would be hacked in the next year.

Your customers deserve clarity on your approach to keeping their data safe as well as confidence in your commitment that you are managing the threat in real time. But they need it to be relevant to how they’re feeling, not how you are. So, understand their anxiety and make the intangible feel more tangible.

Address human error

Information security can be a boring topic at work, I think we can all agree with that. But people still click on that ridiculous phishing email, which can lead to a TalkTalk level breach. Again, in a work context, the risk of not caring about data because you can’t see it is present.

If you can get the people in your business to behave in a way that keeps the information and data you hold safe, you'll be in a much stronger position to maintain your reputation.

We’ve been working with a global FMCG company for the past two years on a behaviour change programme to help ‘make the invisible visible’ for its employees. The internal campaign has built awareness of information security through a couple of key moments enhanced with VR. We’ve coached them on what to do at trigger moments. We’ve also found that over the course of the campaign, they’re too embarrassed to ask the ‘stupid’ questions. So, we’re putting an automated conversational interface that answers all those silly questions you don’t want to ask someone else.

The trick is to normalise behaviour that enables a deepened awareness of cyber threats.

Take the tech seriously

Cyber security is an on-going, emerging threat – even baby monitors are at risk of being hacked.

That new piece of tech you’re placing at the heart of your next campaign needs careful contemplation and consideration (you don't want all that new voice data to blabber all over the place).

Talk with your agency and tech team about whether they use best practice for deployment. Ask whether they adopt a secure software development life cycle (SDLC) and use continuous integration and deployment.

Ask them whether they host their tech using best practice. Do they adopt the principle of least privilege and use an immutable infrastructure?

Also ensure your tech uses best practice to protect your business and customers from malicious actors (read: bad people). Best practice for security headers shows your customers that you are doing all you can to protect them online – a quick check at will help you get the picture. Also ask whether the business uses a content delivery network (CDN) and Web Application Firewall (WAF) that is constantly updating with known threats.

In short, proactively protect your business with the right tools and security standards.

If your agency is not actively helping you deal with these issues, that beautiful new digital service that's going to revolutionise your marketplace may just take you out of the market altogether.

Make sure that if you ask for data you make it feel more tangible for your customers and address their anxiety. Educate your people, so they can recognise a cyber threat when they see one. And make sure you and your agency have secure tech in place.

Get that right and you can get back to the big promises you want to make. Promise.


This was orginally featured in The Drum. To read the original article, click here.


Back to top