What is the 90:10 Cybersecurity Rule and Why is it So Important for Marketers?

Carl Bleich
Author’s note: You’ve done all of your research, spent hours going through different options, seen an amazing demo, and are finally ready to purchase your customer data platform. But one last step looms…final approval. Make sure that you are armed with information you need to prove that your CDP is safe and secure. This is the second article in Bloomreach’s series “Don’t panic: A marketer’s guide to customer data security”. This series will help educate marketers on why security is so important right now and give them the proper tools to help ease the nerves of risk-averse colleagues who may not fully understand the benefits of a CDP.

As you search the market for the perfect customer data platform for your company, it is essential to keep in mind not only customer data security, but education and training as well.

The 90:10 cybersecurity rule helps illustrate perfectly why this is so important.

The 90:10 cybersecurity rule is simple: 90 percent of security measures rely on users and other stakeholders while 10 percent of security measures are technical in nature. In other words, 90 percent of security safeguards rely on the computer user to adhere to best practices while the other 10 percent lies with the security features of the CDP.

To put things in terms of a real-world example…some homeowners have an alarm system on their doors and windows to secure their house. However, if those doors and windows are not completely shut, or the alarm system on them is not activated, these security measures are useless.

This is comparable in many ways to the 90:10 rule and to Bloomreach’s Customer Data and Experience Platform.

Just as you might teach a guest how to arm the alarm in your home, Bloomreach is constantly teaching customers how to properly address security concerns when they use the CDXP. Bloomreach offers companies individual consultancy hours for specific security concerns and the Bloomreach Academy hosts a “GDPR Best Practices” course that aims to change perspectives around and promote compliance with data protection laws.

But why is all of this important to marketers? A strong security program cannot be implemented without properly training marketers on threats, policies and techniques to protect company assets.

Marketers must begin to understand just how much of the responsibility falls on them to keep customers’ data secure. As you now know, Bloomreach is a world-class platform with top-of-the-line security features. But if important data privacy rules are not followed while using the platform, working with customer data becomes more risky.

This is the illustration of the 90:10 rule that marketers must understand to protect customer data properly. The customer data platform will not do all of the security work for you. Marketers using the software must understand data privacy laws and handle the data compliantly to build a culture of compliance at the company.

Here are three real-life examples where unfortunately compliance amongst marketers was not achieved and a large price was paid:

  • In Italy, a £16.7 million fine was given to Wind Tre, a mobile telecommunications operator, for “unlawful direct marketing practices”. These practices included creating confusing interfaces for users to give consent, using personal data without the consent of the data subject, and willfully ignoring data protection guidelines. 
  • Danish hotel chain Arp-Hansen Hotel Group was fined over £147,000 when it was discovered that it was storing the personal data of over 500,000 people unnecessarily. This is a direct violation of GDPR. This fine was imposed despite there being no record of an actual data breach.
  • A £1.24 million fine was levied on German health insurance organization AOK Baden-Württemberg in June 2020. It was determined that the company sent marketing messages to 500 people without consent because proper measures were not taken to protect personal data.

The goal of buyers in the market for a customer data platform is to find the best CDP for their company. They’re looking for a platform with not only great product capabilities, but with security features that support the outstanding features used every day.

But what also must come along with this purchase is the education and training of marketers to ensure that this software is used in a manner that is compliant with the law. The 90:10 rule emphasizes the importance of this education and training and helps to educate marketers that the responsibility of securely using a CDP will fall on them when the time comes.

As far as the 10 percent of the 90:10 rule is concerned? Bloomreach has the highest-rated customer data platform on G2, an independent site fueled by reviews from real customers.

Bloomreach was also the world’s first GDPR-certified SaaS company, and it has been our mission since day one to take every possible step to protect the data that we work with. We also hold security certificates that prove we are a leader in this area.

Ready to learn more? Watch our short demo video today to see how your business can compliantly turn customer data into marketing magic. If you’re interested in learning more about data privacy and security, Bloomreach Academy’s Privacy Fundamentals course is the deep dive you need to master the topic and become an expert.


Carl Bleich

Head of Content at Bloomreach

Carl works with Bloomreach professionals to produce valuable, customer-centric content. A trusted expert with over 15 years of experience, Carl loves exploring unique ways to turn problems into solutions within digital commerce.
