Does “generational marketing” really matter in the B-to-B world?

For marketers working in certain industries, an interesting question is to what degree generational “dynamics” enter into the B-to-B buying decision-making process.

Traditionally, B-to-B market segmentation has been done along the lines of the size of the target company, its industry, where the company’s headquarters and offices are located, plus the job function or title of the most important audience targets within these other selection criteria.

By contrast, something like generational segmenting was deemed a far less significant factor in the B-to-B world.

But according to marketing and copywriting guru Bob Bly, things have changed with the growing importance of the millennial generation in B-to-B companies.

These are the people working in industrial/commercial enterprises who were born between 1980 and 2000, which places them roughly between the ages of 20 and 40 right now.

There are a lot of them. In fact, Google reports that there are more millennial-generation B-to-B buyers than any other single age group; they make up more than 45% of the overall employee base at these companies.

Even more significantly, one third of millennials working inside B-to-B firms represent the sole decision-makers for their company’s B-to-B purchases, while nearly three-fourths are involved in purchase decision-making or influencing to some degree.

But even with these shifts in employee makeup, is it really true that millennials in the B-to-B world go about evaluating and purchasing goods and services all that differently from their older counterparts?

Well, consider these common characteristics of millennials which set them apart:

  • Millennials consider relationships to be more important than the organization itself.
  • Millennials want to have a say in how work gets done.
  • Millennials value open, authentic and real-time information.

This last point in particular goes a long way towards explaining the rise in content marketing and why those types of promotional initiatives are often more effective than traditional advertising.

On the other hand … don’t let millennials’ stated preferences for text messaging over e-mail communications lead you down the wrong path. E-mail marketing continues to deliver one of the highest ROIs of any MarComm tactic – and it’s often the highest by a long stretch.

Underscoring this point, last year the Data & Marketing Association [aka Direct Marketing Association] published the results of a comparative analysis showing that e-mail marketing ROI outstripped social media and search engine marketing (SEM) ROI by a factor of 4-to-1.

So … it’s smart to be continually cognizant of changing trends and preferences. But never forget the famous French saying: Plus ça change, plus c’est la même chose

Fewer brands are engaging in programmatic online advertising in 2017.

How come we are not surprised?

The persistent “drip-drip-drip” of brand safety concerns with programmatic advertising – and the heightened perception that online advertising has been showing up in the most unseemly of places — has finally caught up with the once-steady growth of economically priced programmatic advertising versus higher-priced digital formats such as native advertising and video advertising.

In fact, ad tracking firm MediaRadar is now reporting that the number of major brands running programmatic ads through the first nine months of 2017 has actually dropped compared to the same period a year ago.

The decline isn’t huge – 2% to be precise. But growing reports that leading brands’ ads have been mistakenly appearing next to ISIS or neo-Nazi content on YouTube and in other places on the web has shaken advertisers’ faith in programmatic platforms to be able to prevent such embarrassing actions from occurring.

For Procter & Gamble, for instance, it has meant that the number of product brands the company has shifted away from programmatic advertising and over to higher-priced formats jumped from 49 to 62 brands over the course of 2017.

For Unilever, the shift has been even greater – going from 25 product brands at the beginning of the year to 53 by the end of July.

The “flight to safety” by these and other brand leaders is easy to understand. Because they can be controlled, direct ad sales are viewed as far more brand-safe compared programmatic and other automated ad buy programs.

In the past, the substantial price differential between the two options was enough to convince many brands that the rewards of “going programmatic” outweighed the inherent risks.  No longer.

What this also means is that advertisers are looking at even more diverse media formats in an effort to find alternatives to programmatic advertising that can accomplish their marketing objectives without the attendant risks (and headaches).

We’ll see how that goes.

Diamonds in the rough: Retail jewelry stores take a hit.

As disruption wends its way through the retail marketplace, jewelers are the latest sector being upended.

In the world of retail, it makes total sense that e-commerce would be making certain sectors such as traditional bookstores a thing of the past. After all, the products they sell are identical to what’s available online — even down to the UPC barcode.

The only difference is a higher price tag – along with a few other impediments like store hours, the hassles of parking and the like.

But as time’s gone on, it’s become clear that the impact of e-commerce is affecting shopping behaviors in retail segments that might never have been thought to be susceptible.

Consider retail fine jewelry. If ever there was a segment where consumers could be expected to want to “see and feel” the merchandise prior to purchasing, it would seem to be this one.

However, a recent analysis by gem and jewelry industry specialist Polygon has found that the U.S. retail jewelry industry is reeling from the triple phenomenon of falling diamond prices, store closures and a liquidity crunch that has persisted since 2016.

Super-competitive pricing offered by online-only retailers and their foreign suppliers has put relentless pressure on gem prices at every step in the supply chain, it turns out. Profit margins have slipped badly as a result.

Consequently, an increasing number of jewelry businesses in the United States have found that economics of maintaining physical stores just aren’t working out.  Since 2014. a raft of store closures has affected both independents and chain operations.

At the top of the supply chain, the biggest international producers of gems are responding to the industrywide pressures by cutting costs through mine closures, employee layoffs and assets sales. Probably the most prominent example of this is Anglo-American PLC, which laid off more than 85,000 workers at the beginning of this year, along with putting more than 60% of the company’s assets up for sale.

Par for the course, the relative bright spot in the overall picture is online jewelry sales. Online is taking up the slack of the other channels – but at lower sticker prices.  Online retail sales of fine jewelry continue to grow in the high single-digits, even as the rest of the industry struggles mightily to maintain a business model that has become precarious in the new “online everything” world of retail.

I have my doubts that jewelry stores will disappear completely from the shopping malls, like we’ve seen happen with retailers of movies and music. But the days of a jewelry store outlet anchoring every major crossroads intersection at the shopping mall are probably history.

More information on the Polygon report can be found here.

IoT’s Ticking Time Bomb

The Internet of Things is making major headway in consumer product categories — but it turns out it’s bringing its share of headaches along for the ride.

It shouldn’t be particularly surprising that security could be a potential issue around IoT, of course.  But recent evaluations point to the incidence being more significant than first thought.

That’s the conclusion of research conducted by management consulting firm Altman Vilandrie & Company. Its findings are based on a survey of ~400 IT decision-makers working at companies that have purchased some form of IoT security solutions.

According to the Vilandrie survey, approximately half of the respondents reported that they have experienced at least one IoT-related security intrusion or breach within the past two years.  The companies included in the research range across some 19 industry segments, so the issue of security doesn’t appear to be confined to one or two sectors alone.

What’s more, smaller firms experienced higher relative “pain” caused by a security breach. In the Vilandrie survey, companies with fewer than $5 million in annual revenues reported an average loss of $255,000 associated with IoT security breaches.

While that’s substantially lower in dollar amount to the average loss reported by large companies, the loss for small business as a percentage of total revenues is much greater.

More findings from the Altman Vilandrie research study can be accessed here.

The vacations that aren’t: The myth of “getting away from it all.”

Even with the end-of-year holidays coming up, for many families, the biggest vacation time of the year is now over.

And if you took that vacation and were able to steer completely clear of any work-related requirements … consider yourself lucky.

For years now, we’ve heard about the challenge to “disconnect” completely while on vacation, as more ways for the office to intrude on personal time and space continue to proliferate.

For the latest insights on this issue, we have a recent online survey of 6,600+ travelers from 14 urban areas around the world, conducted by Marriott Reward’s Global Travel Tracker.  Foremost among the research findings is that the majority of us are staying connected with our work via e-mail or other digital means while on vacation.

Breaking down the responses by gender, a larger portion of women than men reported that they are able to completely disconnect from work while on vacation.

On the other hand, by a 36% to 44% margin, fewer men than women reported being “more stressed” upon returning to the office and facing the presumably larger stack of work requirements that have built up during their absence.

Interestingly, the Marriott Rewards survey found that residents of Tokyo report the highest levels of stress upon returning to work, whereas residents of Mexico City are at the other end of the scale. Residents of major U.S. cities – New York, Chicago and Los Angeles — fall in the middle range of the 14 international urban areas that were included in the Marriott Rewards survey.

Speaking personally, I haven’t been able to “completely disconnect” from the office while on vacation in living memory — and I don’t think I know anyone else who has.

What is your vacation track record in this regard? What sorts of strategies do you use to get the most relaxation out of your days away from the office? I’m quite sure other readers will be interested in hearing about them.

Family-owned companies: Do they continue to have the best business reputations?

While public perceptions of “greedy businesspeople” have always been part of the sociological landscape, over the years opinions about family businesses have tended to be more forgiving.

That perception appears to be holding. A newly published report reveals that people trust family businesses significantly more than businesses in general.

The trust levels are ~75% for family-owned businesses versus just 59% overall.

That finding comes from a survey of ~15,000 respondents age 18 or older conducted by research firm Edelman Intelligence, which is part of the Edelman marketing communications firm.

The research was conducted across 12 country markets and are contained in the 2017 Edelman Trust Barometer report.  In addition to the United States, the other country markets that were surveyed included:

  • Brazil
  • Canada
  • China
  • France
  • Germany
  • India
  • Indonesia
  • Italy
  • Mexico
  • Saudi Arabia
  • United Kingdom

Not only do the respondents in the Edelman survey trust family businesses more, they themselves would rather work for a family business.

Moreover, if they know a company is a family-run business, they’re three times more likely to be willing to pay more for its products or services.

Not everything is quite so positive, however. Compared to businesses in general, family-run businesses aren’t viewed as innovators (only ~15% compared to ~45%), or drivers of financial success (just ~15% vs. ~43%).

Even more discouraging is this finding:  Although in actuality family-run businesses are often major sources of philanthropy, only ~17% of the Edelman survey respondents view these companies as leaders in helping to address societal challenges. So, more work appears to be needed to attain the recognition that is deserved in this arena.

Another common perception – and this may be a more accurate one in reality – is that family-run businesses are skimpy in their willingness to share financial and other information about how their businesses are run.

But the most potentially harmful perception is the opinion the general public has about successive generations of family members managing family-run businesses. “Next-generation” CEOs are ~17% less trusted than founders.  They’re also considered far more likely to mismanage the business – not to mention being seen as less committed to the success of their enterprises.

In short, an inherited business, like inherited wealth, is viewed with suspicion by many people, and it’s more likely to be perceived as “undeserved.”

So, the portrait of family businesses isn’t completely rosy … but the reputation of these enterprises remains better than for businesses in general.

More information and key findings from the Edelman report can be found here.

What does the Equifax data breach tell us about the larger issue of risk management in an increasingly unpredictable world?

It’s common knowledge by now that the data breach at credit reporting company Equifax earlier this year affected more than 140 million Americans. I don’t know about you personally, but in my immediate family, it’s running about 40% of us who have been impacted.

And as it turns out, the breach occurred because one of the biggest companies in the world — an enterprise that’s charged with collecting, holding and securing the sensitive personal and financial data of hundreds of millions of people — was woefully ill-prepared to protect any of it.

How ill-prepared? The more you dig around, the worse it appears.

Since my brother, Nelson Nones, works every day with data and systems security issues in his dealings with large multinational companies the world over, I asked him for his thoughts and perspectives on the Equifax situation.

What he reported back to me is a cautionary tale for anyone in business today – whether you’re working in a big or small company.  Nelson’s comments are presented below:

Background … and What Happened

According to Wikipedia, “Equifax Inc. is a consumer credit reporting agency. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide.”

Founded in 1899, Equifax is one of the largest credit risk assessment companies in the world.  Last year it reported having more than 9,500 employees, turnover of $3.1 billion, and a net income of $488.1 million.

On September 8, 2017, Equifax announced a data breach potentially impacting 143 million U.S. consumers, plus anywhere from 400,000 to 44 million British residents. The breach was a theft carried out by unknown cyber-criminals between mid-May 2017 until July 29, 2017, which is when Equifax first discovered it.

It took another 4 days — until August 2, 2017 — for Equifax to engage a cybersecurity firm to investigate the breach.

Equifax has since confirmed that the cyber-criminals exploited a vulnerability of Apache Struts, which is an open-source model-view-controller (MVC) framework for developing web applications in the Java programming language.

The specific vulnerability, CVE-2017-5638, was disclosed by Apache in March 2017, but Equifax had not applied the patch for this vulnerability before the attack began in mid-May 2017.

The workaround recommended by Apache back in March consists of a mere 27 lines of code to implement a Servlet filter which would validate Content-Type and throw away requests with suspicious values not matching multipart/form-data. Without this workaround or the patch, it was possible to perform Remote Code Execution through a REST API using malicious Content-Type values.

Subsequently, on September 12, 2017, it was reported that a company “online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected [sic] by perhaps the most easy-to-guess password combination ever: ‘admin/admin’ … anyone authenticated with the ‘admin/admin’ username and password could … add, modify or delete user accounts on the system.”

Existing user passwords were masked, but:

“… all one needed to do in order to view [a] password was to right-click on the employee’s profile page and select ‘view source’. A review of those accounts shows all employee passwords were the same as each user’s username. Worse still, each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee’s last name, you also could work out their password for this credit dispute portal quite easily.”

The reporter who broke this story contacted Equifax and was referred to their attorneys, who later confirmed that the Argentine portal “was disabled and that Equifax is investigating how this may have happened.”

The Immediate Impact on Equifax’s Business

In the wake of these revelations, Equifax shares fell sharply:  15% on September 8, 2017, reducing market capitalization (shareholder value) by $3.97 billion in a single trading day.

Over the next 5 trading days, shares fell another 24%, reducing shareholder value by another $5.4 billion.

What this means is that the cost of the breach, measured in shareholder value lost by the close of business on September 15, 2017 (6 business days), was $9.37 billion – which is equivalent to the entire economic output of the country of Norway over a similar time span.

This also works out to losses of $347 million per line of code that Equifax could have avoided had it deployed the Apache Struts workaround back in March 2017.

The company’s Chief Information Officer and Chief Security Officer also “retired” on September 15, 2017.

Multiple lawsuits have been filed against Equifax. The largest is seeking $70 billion in damages sustained by affected consumers. This is more than ten times the company’s assets in 2016, and nearly three times the company’s market capitalization just before the breach was announced.

The Long-Term Impact on Equifax’s Brand

This is yet to be determined … but it’s more than likely the company will never fully recover its reputation.  (Just ask Target Corporation about this.)

Takeaway Points for Other Companies

If something like this could happen at Equifax — where securely keeping the private information of consumers is the lifeblood of the business — one can only imagine the thousands of organizations and millions of web applications out there which are just as vulnerable (if not as vital), and which could possibly destroy the entire enterprise if compromised.

At most of the companies I’ve worked with over the past decade, web application development and support takes a back seat in terms of budgets and oversight compared to so-called “core” systems like SAP ERP. That’s because the footprint of each web application is typically small compared to “core” systems.

Of necessity, due to budget and staffing constraints at the Corporate IT level, business units have haphazardly built out and deployed a proliferation of web applications — often “on the cheap” — to address specific and sundry tactical business needs.

“Kid’s Day” at Equifax’s Argentine offices. Were the kids in command there, one is tempted to wonder …

I strongly suspect the Equifax portal for managing credit report disputes in Argentina — surely a backwater business unit within the greater Equifax organization — was one of those.

If I were a CIO or Chief Security Officer right now, I’d either have my head in the sand, or I’d be facing a choice. I could start identifying and combing through the dozens or hundreds of web applications currently running in my enterprise (each likely to be architecturally and operationally different from the others) to find and patch all the vulnerabilities. Or I could throw them all out, replacing them with a highly secure and centrally-maintainable web application platform — several of which have been developed, field-tested, and are readily available for use.

__________________________

So, there you have it from someone who’s “in the arena” of risk management every day. To all the CEOs, CIOs and CROs out there, here’s your wakeup call:  Equifax is the tip of the spear.  It’s no longer a question of “if,” but “when” your company is going to be attacked.

And when that attack happens, what’s the likelihood you’ll be able to repel it?

… Or maybe it’ll be the perfect excuse to make an unforeseen “early retirement decision” and call it a day.

__________________________

Update (9/25/17):  And just like clockwork, another major corporation ‘fesses up to a major data breach — Deloitte — equally problematic for its customers.