You may not think about cybersecurity being an important part of your brand, but you should 

The secret cybersecurity tool you already have

Let’s talk about the crucial overlap of a few areas of brand that aren’t as obvious: internal branding and communications, cybersecurity, and how they relate to outward-facing brand equity.1

Cyberattacks are becoming more common and more sophisticated. And the advent of AI promises to add rocket fuel to an already exploding realm of foul play and deception.

It’s hard to overstate the damage a breach can cause a brand. Customers rightfully lose trust. The commitment of the brand is called into question. PR must rush to the rescue, and the damage to brand equity and the bottom line is long lasting. The infamy of the lost credibility lives online forever, and becomes a tale of caution for others—if only they’ll hear it.

It may not be obvious at first, but brand is also a powerful weapon in the effort to thwart cybersecurity attacks against companies. Well-executed, effective, strategic, creative brand communications intended for workers, including flagship trainings and ongoing efforts to establish good habits, should be a frontline intervention in every business’ efforts to stop cybersecurity attacks and protect brand, privacy, and lives.  A creative and engaging campaign can even help build trust and brand equity publicly, multiplying the trust dividends brands can reap.

But first, a little context.

No items found.

Threats, threats, and more threats

The need for rock-solid habits around cybersecurity has reached DEFCON 1. At this point, if you haven’t heard, you’re not listening, or worse, have buried your head in the sand. Consider 23andMe, which in December of 2023 experienced a breach that allowed hackers to access the personal information, including ancestry and information about relatives, of about 5.5 million people. Not to mention shook the fundamental trust customers place in a brand that asks for people’s most personal, sensitive information: their DNA. Brands ask for a lot when they encourage customers to entrust such critical data with them. The sense of betrayal stings and erodes at hard-earned brand equity.

Because accounts of identified genetic relatives are linked within 23andMe, this gave the hackers access to both a hacked users’ account and anyone they were linked to as a relative through the service. The effects of a cybersecurity mistake spread fast, and anyone can fall victim, even just by association, because of the interwoven nature of the digital world.

23andMe has been clear that hackers were able to brute force their way into accounts because users had weak passwords or had reused passwords that had been compromised in the past.

But what if good cybersecurity habits started in the workplace? How can effective brand communication build equity and help make the digital world as a whole more secure, even as the threat grows?

Breaking down internal-external distinctions

Brand equity, like cybersecurity, is a continuum that connects inside and outside. Digital lives are integrated, from work to home, from home to the world. The proliferation of remote work simply blurs these distinctions even more. When a worker makes a mistake on their work laptop, which they’ve taken home, it can spell disastrous consequences for the company. When a worker is at the office with their personal mobile phone, cyberattacks through that personal device can quickly cascade into a crisis.

Likewise, insufficient attention to internal branding is a known issue that costs businesses employee loyalty, morale, and team alignment, and can quickly undermine public-facing marketing efforts. Well-done internal marketing inspires workers to care about and believe in the company’s brand, leading to more productivity and greater loyalty through shared purpose and identity. As an afterthought, internal brand information is often distributed as memos, newsletters, or other uninspiring, dry collateral. Rarely are workers sold on the ideas and values of the brand itself and invited to identify as a critical part of it. 2

Of course, those things are always important. But when it comes to cybersecurity, falling short can be catastrophic.

No items found.
No items found.

Cybersecurity is scary. But what do you do about it?

Of course, technology is constantly being used in innovative ways to try to stop cybersecurity attacks. But the fact is, the weak link is very frequently the targeted human beings.3 No matter how sophisticated your cyber defenses are, if workers don’t practice good cybersecurity habits consistently and always, the company is at risk.

The human element means this is a problem of brand and story, not technology, as much as those defenses have been bolstered.  

So, here are concrete steps to take to address cybersecurity as an internal brand issue.

1. Be honest

It’s easy to want to sidestep the issue of cybersecurity or assume technology will protect you and your company. But do a serious audit and reflection on what your company is doing about cybersecurity and what the stakes are. Do employees think about cybersecurity every day, with every digital interaction? Have they made it a habit and are they carrying best practices home with them? What would happen if a hacker broke into your systems, for you and the world beyond?

2. Consider your brand and values

Companies spend so much time and resources working on outward facing brand and it can pay dividends. Cybersecurity breaches present an immediate and deep loss of trust and loss of brand equity, in particular if the company is responsible. Further, the positive qualities of brand personality companies seek to express have to be backed up by actions. Consider your brand trustworthy? Need to be able to confidently communicate that customers’ data privacy is central to your approach to ecommerce? Internal brand efforts should reflect those values.  

One key to the following two points: skip the stereotypes of the cybersecurity awareness genre of locks, hackers, and hoodies. Dig into brand and break out of the mold to get people’s attention, engage them, and leave a lasting effect. Lean into brand and narrative to really move the needle.

3. Rethink your training

This is one of those places that’s often an afterthought. Cybersecurity training often relies on low-quality, external, readymade products. But that doesn’t reflect your brand or the seriousness of the issue. See what we’ve done for some of our clients here.

4. Wage a campaign

Any big business is familiar with an ad campaign, but cybersecurity deserves the same care and creativity as ads. Boosting conversions and sales means nothing if the company implodes from cyber recklessness. Strategic and creative branded internal campaigns reinforce training and help to remind workers of the stakes and build habits. Here’s a cybersecurity campaign we did that yielded serious results.

5. Keep it fresh and top of mind

One of the biggest liabilities as cybersecurity has become more important and more of an all-the-time concern is fatigue. It is easier to save passwords in your computer’s browser, turn off multi-factor authentication, or reuse passwords. Create sustainable, continuous messaging and branded touch points that keep workers aware and vigilant, encouraging identification with the brand and enthusiasm for protecting it. After all, workers are ultimately protecting themselves, at work and at home, by internalizing and consistently practicing good cybersecurity.

Take it as seriously as your biggest marketing campaign, because it is

Cybersecurity must be a first priority for everyone and every business in the current fantastically connected digital world. People’s digital lives have a lot of tangible, hackable value, and customers and employees trust businesses to be responsible and handle that relationship and that data with care.

Cybersecurity training, internal brand communication, and the commitment to educating and inspiring workers deserves the same level of strategy and creativity to change behavior and establish habits among audiences as the most ambitious marketing blitz. Business leaders can take the straightforward actions above to strengthen their organizational messaging and practices around cybersecurity. The more attention-grabbing and creative, the better.

We’re proud to have executed a number of innovative, measurably effective campaigns that have helped tackle this mission critical challenge for our clients that have generated excitement and changed behaviors. Connect with us to learn more.

No items found.
No items found.
No items found.
No items found.