Tag Results: strategy

December 18th, 2014

Sony & The Wisdom of Moms
aka “Always Wear Clean Underwear”

As your mom used to say, “always wear clean underwear in case you’re hit by a bus,” advice that went unheeded as the bus – in the form of the North Korean cyber attack – flattens Sony.

But if we think the solution to cyber attacks is going to be better technology, we’re focusing on the wrong part of the problem.

We’ve been here before. In 2007, TJ Maxx disclosed a data compromise of the payment information of 45 million of its customers. That event was claimed to be a “game-changer”, a “wake-up call” for anyone concerned about data security. Seven years later, Target was in essentially the exact same situation disclosing 45 million, no wait, 70 million, or maybe 110 million accounts had been compromised. Sony itself experienced a high-profile breach of its Playstation business in 2011, the platform going dark for weeks and 78 million accounts compromised, plus 25 million at its sister company, Sony Online Entertainment.

The real lesson to be learned here is to recognize that we’re living in an age of unprecedented transparency – wanted or not – which requires a new approach to operating and decision-making.

Threatening to sue or otherwise harass reporters who cover events – whether from Sony’s legal counsel or Uber’s SVP of business – is an approach that is doomed not only to failure but to ridicule. It also fundamentally fails to recognize the new reality in which reputation and reputational risk needs to be a primary criterion in an organization’s decision-making approach and strategy, in order to withstand the inevitable external scrutiny.

An organization’s reputation is most at risk during a crisis, probably the one moment in time when leaders all-too readily acknowledge its importance. Outside of a crisis, however, reputation is an after-thought, a secondary consideration to financial, operational or legal drivers. It is only by proactively incorporating reputational risk as a critical variable in decision-making – driving business decisions, policies, ethics and culture at an organization – will organizations be in a position to thrive in today’s transparent and critical environment.
For more info: Our Approach

Or, to draw equally applicable, if often ignored advice – don’t do (or say) anything you wouldn’t want your mom to read about on the front page of the paper.

September 18th, 2014

Is It Easier to Row the Boat or to Rock It?

What NFL and GM have in common… and something everyone needs to consider.

While the former FBI Director Robert Mueller investigation is on-going, bets are the NFL’s leadership will be cleared.  It doesn’t mean, however that they are blameless.  Among all the noise and chatter about when the Rice tape arrived, if it arrived, who saw it and when, lies a more fundamental challenge almost every organization faces.  Does the organization have a culture that encourages proactively sharing bad news?

Human nature doesn’t help.  Faced with a problem, we all tend to want to solve it first, before confessing that something went wrong. Does a “shoot-the-messenger” mentality at your organization mean that bad news is buried, whether you are out in the field or at HQ?  Is “plausible deniability” more important than facing the issue and starting to address it?  Is it easier to row the boat at your organization or to rock it?  An organization’s culture can either further enforce this mentality or it can define a new set of expectations that are critical to managing reputational risk.

The legal department at GM probably wins the prize for the most egregious recent example of hiding information for fear of the fall-out.  Potentially that is what happened at the NFL also.  Developing a culture in which sharing bad news is not a career-killing step is important.  Developing a defined, understood and enforced escalation and reporting process can signal that culture change.  This isn’t a compliance program or an ethics hotline – rather it needs to be an intelligence-gathering process that allows an organization to get a heads up on issues that are potentially challenging, allowing it the time to make proactive decisions that will both stand the test of time and satisfy stakeholder expectations.
Crisis management isn’t just about how you respond to a crisis once you are in the middle of it.  It’s about identifying issues early enough to prevent them from becoming crises in the first place.