Mimecast's latest research found that 70% of South African organisations believe the risk of cyberattacks will increase over the next two years. Previous data found that 94% of local companies have been the target of an email-related phishing attempt, with nearly two-thirds reporting that such attacks are increasing.
This may sound like an IT or cybersecurity issue, but consider the impact on the brand's reputation and even the knock-on effects on customers when there's a successful cyberattack.
Mimecast's State of Email Security 2022 report found that two in five South African organisations were only somewhat prepared - or not prepared at all - to detect and take down fraudulent web domains imitating their brands. This put the country last among the twelve countries that formed part of the report. Less than two-thirds of local companies were mostly or completely prepared to detect an email-based attack that directly impersonated their email domain.
This creates huge risk for brands. When a customer opens an email with an offer from one of their favourite brands, the last thing they expect is for a cybercriminal to harvest their personal information. The ease at which criminals imitate trusted brands and trick consumers into sharing their personal details means brands must do more to detect and prevent these impersonation attacks. This will protect the brand's reputation and help maintain positive relationships with their customers, a win-win for marketers and brand managers.
And yet, involvement in cybersecurity activities remains persistently low among marketing professionals. A Deloitte report found that CMOs are typically not involved in cybersecurity activities. The same report found that only 22% of consumer products companies include their CMOs as part of incident response teams in the event of a cyberattack.
It is squarely in marketers' interests to protect customers from cyberattacks. A study conducted by Mimecast in 2021 found that 83% of South African consumers would lose trust in their favourite brand if they disclosed information to a spoofed website.
Seventy-three percent said they'd stop spending money with their favourite brand entirely if they fell victim to a phishing attack involving that brand. And nearly all (94%) said they expect their favourite brand to ensure their services - including their website, emails and other communication, are safe to use.
This may appear unfair to marketers, who have little influence over the actions of criminals appropriating their brands. But there are steps that marketers can take to protect their brands and in turn their customers.
The first is to acknowledge the risks and create awareness around safe online habits. Banks have long been driving cyber awareness programs to highlight cyber threats and help customers avoid mistakes that could compromise their online safety. Every brand should be doing the same, with marketers playing a central role in developing engaging and impactful customer communication around cyber safety.
Marketers can also play a vital role in helping security teams better understand the risks of cyber threats to the brand and its likely impact on customers. This can help security teams develop more robust and fit-for-purpose security strategies.
Working closely with the company's security teams, marketers can help ensure the brand has the necessary defences against cybercriminals. Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email validation tool that helps detect and prevent email spoofing. Our latest data shows that only 52% of South African companies either have or are actively rolling out DMARC, although 34% had plans to roll out such a solution in the next year.
Encouragingly, most South African companies have or are planning to roll out a service that detects and protects against malicious websites spoofing their website or online brand.
Finally, in light of the Protection of Personal Information Act and its disclosure requirements in the event of a data breach, marketers can play an important role in ensuring customers are notified and have the necessary information should their data be compromised.
Cyber threats are unlikely to diminish or disappear in the coming years. As we digitise more aspects of our personal and professional lives, our data becomes an increasingly attractive target for a global cybercrime industry in overdrive.
As the custodians of brands, marketers have a vested interest in ensuring their brands are protected and that customers can interact with the brand in a safe way. For marketing professionals, this means getting more involved with broader cybersecurity efforts and ensuring customers are safe from harmful phishing attacks imitating their brands.