"The idea is that part of being a good corporate citizen and protecting the community is going above and beyond and protecting information," said Rasmussen.
But a proactive plan and committee may not be nearly enough, according to Aon Corporation, a provider of risk management services. In a recent survey, Aon polled organizations in more than 40 countries and across 31 industries to find out their views of emerging and escalating business risks. According to the resulting 2009 Global Risk Management Survey report, damage to reputation was the sixth biggest concern among those polled. And a study released this month by the Chief Marketing Officer Council reports organizations' concern over brand management and brand infection is growing as the down economy fuels increasingly global and organized counterfeiting operations. A global audit of 306 marketers found marketers are reporting a greater number of incidents or fraud online with 29.5 percent who said their chief vulnerability is in the digital world.
Online brand attacks can include cybersquatting, the practice of registering, trafficking in or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else (Read a report on cybersquatting growth here). Those who took part in the CMO study said brand value, trust, integrity and reputation are being significantly eroded and damaged as a result of grey market knock-offs, phishing attacks, cyber squatting, email scams, trademark abuse, copyright and patent infringements, and other malevolent forms of brand corruption online.
"Brand attacks, whether through online scams, phishing or cybersquatting, impact brand integrity and reputation immediately because the malicious activities are customer-facing and affect the heart of what contributes to underlying brand value; customer perception," said Frederick Felman, chief marketing officer of MarkMonitor.
CISOs are often involved with implementing plans for combating phishing, often through communication campaigns, said Rasmussen. And intellectual property protection has become an area of concern for CISOs now, too.
"It's not just brand protection to the world," said Rasmussen. "But also to business partners."
However, as with many security expenditures, Rasmussen said the pitch for investment in IP protection is often a tough sell. Rasmussen referenced a case of a CISO with a well-known semiconductor maker that had a partnership with a large mobile-phone manufacturer. While the company was not very interested in the CISOs desire to invest in IP protection technology, they changed their mind when he said "What about their (the client's) IP protection?" forcing the company to think about the implications of a data breach that would effect a client relationship.
"Once he rephrased his argument, it changed their perception," said Rasmussen.
But the digital realm is only one area where attack on brands can take place. The CMO study also found 22.6 percent cited offline concerns, such as supply chain issues, as their main vulnerability. The Aon survey cited distribution or supply chain failure as the eighth largest risk to business.
"Counterfeiters have proven themselves quite adept at getting counterfeit products introduced into the legitimate supply chain," according to Jack Holleran, an Ernst & Young attorney who leads EY's corporate compliance advisory services practice. "There was time when counterfeit products were sold on street corners and in bus stations and back alleys. But it is now much more prevalent to find counterfeit products on legitimate retailers' shelves."
Holleran, who at one point worked for Phillip Morris in the legal department and formed the company's brand integrity unit, is primarily focused now on assisting chief compliance officers with the design and implementation of compliance programs. But brand integrity and anti-counterfeiting are now part of compliance as well, he said. Whether a company is in consumer products, technology or manufacturing, they face the risk of increased scrutiny from regulators if a company does not show that they are taking every reasonable step to protect the integrity of their supply chain and ensure no fakes are inserted into the process. Security also comes into the process, he noted.