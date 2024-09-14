If you’re immuno-comprised, you probably know it.

So you pay attention when you hear the media bleating about the risks of West Nile and other mosquito-borne viruses that you need to be vigilant about.

But people aren’t the only ones who have weakened immune systems. You can see where I’m going with this, right?

Some businesses and brands can be–and unquestionably are–immune-compromised. As such they are weaker and more vulnerable to successful assault than those with stronger immune systems that are more able to withstand a variety of attack vectors.

But determining the strength of your immune system isn’t as simple as a blood test. So what are some diagnostics that can be used to assess whether your defenses against negative perceptions, customer dissatisfaction, competitive pressures, and shifts in the marketplace, are as robust as they need to be? Let me point out that this new idea of an immune-comprised brand is a different assessment model than “brand health,” which has been kicking around the industry for a while. Brand health looks at traditional measures like sentiment, awareness, NPS (net promoter scores), search visibility, and other metrics.

While these techniques are not without value, they are typically generated by a CMO or someone who is responsible for the well-being of the brand. Their self-interest is on the line, so it is rare that someone is going to throw themselves under the bus with an absolutely incriminating report card. They’ll justify some fragile numbers with some modest improvements, as in: “While our NPS is down because we had a software glitch, it was fixed, and at the same time we improved our Google ranking.”

Nobody really knows or has the time to probe deeply into these isolated data points–or dive deep to address the underlying issues–so brand health becomes a check-the-box exercise. Brand health doesn’t identify systemic, immuno-comprised risks.

It also doesn’t appropriately measure threats on the horizon–the equivalent of emerging viruses. Nor does it measure a brand “organism’s” ability to respond to changing threat vectors. Here’s one of dozens of similar examples: Gillette was, no doubt, feeling fat and happy about its brand health until it got hit by the double whammy of disruptive attackers–competitive pathogens, to extend the metaphor–like Dollar Shave Club and Harry’s, and by shifts to beards and mustaches and stubble chic. Billions in enterprise value were lost because of a masked immune-compromised status.

So what’s a better model than the traditional metrics? And by the way, human health researchers are working all the time to identify new markers of a weakened immune system, an area where marketing has lagged.

My new approach is to borrow a kinetic, dynamic, real-time model that is central to how cyber-security operates. It’s called red-teaming, and I like the way IBM defines it: “Red teaming can be defined as the process of testing your cybersecurity effectiveness through the removal of defender bias by applying an adversarial lens to your organization. To accomplish this, authorized ethical hackers are brought in to emulate real attackers’ tactics, techniques, and procedures (TTPs) against your own systems.”

To apply this to your organization, you need to bring in what I will call “ethical marketing hackers.” They don’t exist now, but they should. (Note to self: start this business immediately upon completing this column.)

These individuals need to be deeply experienced in understanding the inherent weaknesses of your brand and your marketing organization and similarly must be intimately familiar with the market you compete in. This both-sides knowledge will enable them to develop brilliantly unexpected attacks that will enable them to determine just how strong–or immuno-compromised–your business is. For example, ethical marketing hackers could analyze your product strategy–and roadmap–from a rival’s perspective, looking for vulnerabilities, weaknesses, and positioning. Beyond that, they would challenge the core assumptions and systemic belief systems of your business, looking for immune fragility that comes from over-confidence and the sunk-cost fallacy.

The latter is one of many cognitive biases that work together, in an insidious fashion, to create immune systems that may appear strong but are actually weak. Those biases included groupthink, confirmation bias, and so many others that Wikipedia has an entire page devoted to them. When people ask me to recommend the most important business book, I tell them to start with that page, because unless you understand how human beings are fundamentally flawed in the way they process information and make decisions, everything else you read will be fundamentally distorted.

But I digress. Back to ethical marketing hacker operations. One difference between cybersecurity and marketing strategy is that with the latter, vulnerabilities are immediately apparent. I’ve watched this exercise, it’s like the coolest video game you’ve ever seen because it’s real. When it comes to monitoring a company’s or brand’s immune system, though, it’s not a live fight. As I imagine this new discipline, it will be a multi-step process. Initially, the ethical hackers will need to do background work and true excavatory diligence. Once that’s done, though, there is a real-time component. The ethical hacking team needs to confront and challenge the marketing team, with a red-team combination of insight and, yes, viciousness, about each and every assumption, program, and defense mechanism. The result will be an objective determination as to whether the immune system is more of a Maginot line than the Iron Dome.

Can it stand up to Dollar Shave Club and tectonic changes in facial hair fashion?

This new paradigm I am proposing will need to develop its own metrics of immune health, and over time they will become important new benchmarks. The ranks of ethical marketing hackers will come from a combination of experts with domain experience. Or they can just be really smart and insightful people with an attacker’s DNA. Red teaming experts in cyber are largely industry agnostic, because defending data security is, for example, largely agnostic to e-commerce and pharma. Till this discipline is built and matured, you can either use your network to find ethical marketing hackers, or conduct an internal test of how vulnerable your immune system is. Just make sure that those playing the red team role are as free of defender bias to the extent possible.

CMOs and heads of strategy will push back, so this will likely have to come from the CEO. The responses will be predictable: “We don’t need it. We ask ourselves tough questions all the time. We’re covered.”

When you hear that, you know that your immune system is probably weaker than you think.

