NEW YORK: Marketers are typically given a secondary role when otherwise consumer-centric firms suffer data breaches, meaning the response to such crises often does further harm to brand reputation, a new paper in the Journal of Advertising Research (JAR) has argued.

This subject was the focus of The Impact of Cyber Attacks on Brand Image: Why Proactive Marketing Expertise Is Needed for Managing Data Breaches, which was published in the latest issue of JAR.

And the timely "Speaker's Box" report from Kimberly A. Whitler and Paul W. Farris (Darden School of Business, University of Virginia) comes on the heels of one of the most crippling cyber-attacks in history, with Yahoo announcing in December 2016 that over one billion accounts had been compromised in 2013, after reporting three months earlier that an estimated 500 million user accounts had been hacked in late 2014.

"The brand and business consequences of Yahoo's mishandling of the breach are significant," the authors contend. "Because of the slow disclosure of notification to users, which delayed confirmation by more than a month, and the inconsistency in the proxy filing, US lawmakers demanded clarity and investigation by various agencies and by Yahoo itself."

Beyond that massive breach, Whitler and Farris continue, "The Yahoo example illustrates that data are vital assets. Indeed, four of the world's five most valuable brands are information brands or brands that are data-oriented and leveraged."

To compound the problem, the University of Virginia scholars note, "Most organizations close ranks behind their legal teams, leaving their brands' marketing credibility vulnerable to damaging consequences."

Drawing upon expertise theory, and using a number of case examples, the authors suggest ways for marketers to protect a brand and its equity when data breaches occur – with Target, which suffered a breach in 2013, being an especially useful illustration.

"Few companies have attempted to minimize damage the way that Target did, by talking directly to consumers, once they figured out that consumers were reluctant to shop," Whitler and Farris write.

"Both the action taken and the language of the message appear to have been driven by a marketing, rather than legal, mindset."

Additionally, the authors encourage companies to undertake empirical research that would inform CMOs on how to engage, lead, and establish data-security strategies that specify "who should be involved; the differing roles within the C-suite; how they should be involved; and best practices for preventing and managing the aftermath of data breaches."

Data sourced from Journal of Advertising Research; additional content by WARC staff