In this episode of SaaS Half Full, Lindsey Groepper speaks with Gina Hortatsos, CMO at LogicGate, about the importance of the marketing organization taking an active role in risk and compliance.
Gina believes the CMO — and other departmental leaders — bear the same responsibility for risk and compliance as the infosec or legal team. Listen in as she shares the different components of organizational risk (spoiler alert, it’s not only cyber) that contribute to overall risk management and to defining a company’s risk profile. She also provides tips for creating a “risk register” so the marketing org can play its part effectively.
Defining a Risk Profile
Regardless of the stage and size of an organization, every SaaS company should have a defined risk profile. This should start as a C-level conversation and be carried through all departments. The profile details an analysis of the types of potential threats the organization could face and an evaluation of the organization’s willingness and ability to take risks.
Gina refers to this as a company’s “risk DNA,” which includes much more than cyber security risks. Risk is everywhere, from anti-bribery training to industry regulation compliance, and needs to be proactively discussed.
“Even a small company can sit in a room and brainstorm for an hour on the different types of risks posed to the business, which is column one,” says Gina. “Column two is the different controls that you can put into place to make sure that you are mitigating or managing that risk. And then column three is how often do we have to go back and look to make sure that we’re mitigating it properly.”
Marketing’s Role in Risk
While things like GDPR and email security are top of mind for marketers when it comes to risk, Gina advises expanding the department’s view of which risks fall under it. One of the most significant areas is reputational risk, which encompasses more than a data breach and a SaaS PR crisis strategy.
Reputational risk can present itself in other ways, including public reactions to geopolitical instability, someone cloning your website and claiming your domain in another country, or failing to trademark a logo or other branded assets. If a SaaS organization doesn’t have an enterprise risk plan, Gina believes that presents a massive opportunity for the CMO to take a more strategic seat at the table by leading the conversation.
“If you are paying attention to the risk posture of your company, if you’re thinking about how to help build this business…determining as an executive team what we need to source and analyze to take the smartest possible risks and what our tolerance is; if you’re leading those conversations…you are looked at as a strategic player.”
For more of Gina’s insights, listen to Episode 327 of SaaS Half Full.