Crisis Communication Essay
Transcription
Crisis Communication Essay
James Harootunian BA 2196 Section 20/ Professor Miller Writing Assignment: Crisis Communication On Dec 18, 2013, the public discovered that Target—America’s second largest retailer— had experienced a massive data breach that resulted in the theft of personal information from 70 million customers. In addition to personal information such as names and phone numbers, the breach also resulted in the exposure of 40 million customers’ credit and debit card information. Sources indicated that the breach took place from Nov 27 to Dec 15th (Clark, 2014). Hackers entered Target’s network by using access rights given to Fazio Mechanical Services— a company that managed Target’s HVAC systems. Once inside, they were able to install malware programs that obtained customer information through the retailer’s point-of-service system (Vijayan, 2014). Target ineffectively managed its crisis in the following ways: first, by not addressing the crisis immediately, the company was forced to take a defensive approach once the breach was discovered; second, the organization failed to provide accurate information and lost the trust of its customers; third, then-CEO Gregg Steinfield did not address the public with confidence and sympathy, which resulted in people questioning Target’s positive intentions. Target’s crisis communication during the 2013 data breach was not successful because it failed to address the crisis immediately, thus forcing the organization to take on a reactionary approach once crisis information leaked. Target executives met with the U.S. Justice Department on Dec 13, 2013 to discuss the potential breach, and the following day the retailer hired a third party to investigate the hack. On Dec 15, 2013, Target officially discovered that their systems had been breached and that customer information may have potentially been stolen (Clark, 2014). Customers learned of the data breach when “the story was broken on December 18th by security blogger Brian Krebs” (Temin, 2013, p. 1). Target publicly addressed the data breach— four days after the initial discovery—on Dec 19, 2013 (Clark, 2014). In an interview nearly a month after the incident, CEO Gregg Steinhafel attempted to justify the initial delay by stating that the four-day period felt like “lightning speed from Target’s perspective” (Quick, 2014, p.1); however “confused holiday consumers were worried about the safety of their information” (Lee, 2014, p.2). This lapse may be attributed to Target’s desire to be thorough in obtaining information and confirming the breach, but this led to another source revealing information first and leaving customers without a timely formal response from the retailer. In his article “Crisis Management and Communications”, Timothy Combs (2014) advises that organizations should “provide a response in the first hour after the crisis occurs” (p. 4) and indicates that failing to do so can be “perceived by the media and public as stonewalling and irresponsible” (Murray, 1992, p. 4). Target failed to provide a response anywhere near the one-hour window, which resulted in the organization having to defend itself and answer for its period of silence. As Thomas Lee explained, “ anytime you are not controlling the release of information, you lose the opportunity to cast yourself in the role of the hero rather than the villain” (Lee, 2014, p. 2). Customers felt uneasy and began to question Target’s motives and credibility as opposed to viewing Target as the victim of computer crime. Target’s response to its 2013 data breach was ineffective because it provided inaccurate information to the public and caused consumers to lose trust in organization and its ability to manage the crisis. During its initial release on Dec 19, 2013, the retailer claimed that customer PIN numbers were not amongst the information that had been comprised during the data breach. Then on Dec 27, 2013, “an ongoing investigation by a third-party forensics unit finds that encrypted debit card PIN information was accessed during the breach” (Clark, 2014, p. 1). Target believed that consumer PIN’s were still safe, but the organization was forced to retract its previous claim (Clark, 2014). Target made an assurance to the public that it could not keep and “there is nothing better to destroy trust than making an assurance one day that you will have to go back on the next” (Temin, 2013, p. 3). Timothy Combs (2014) stresses in the event of a crisis, “people want accurate information about what happened and how the event might affect them” (Combs, p. 4). He also explains that if organizations release inaccurate information, they will be viewed as incompetent (Combs, 2014). Victims of the data breach needed to know whether or not their PIN’s had been comprised so that they could protect themselves from fraudulent use of their accounts. Customer’s wanted answers and Target provided them with information that had yet to be confirmed through the investigation. Target could have chose to “admit the things that they did not yet know, and plan for the worst case” (Temin, 2013, p. 2), but instead the organization decided to provide inaccurate information in an attempt to reassure customers. This resulted in customers viewing Target as incompetent, leaving the retailer with a tarnished reputation. Target’s attempt to repair its reputation during its 2013 data breach failed because thenCEO Gregg Steinhafel did not address the public in a confident and sympathetic manner, thus causing people to doubt Target’s positive intentions. In the days following the breach, Target posted several videos of Steinhafel responding to the data breach on the company’s website. During these videos he thanked customers for their business and trust in target, shared tips for the data breach victims, apologized for call center wait times, and offered all guests a 10% shopping discount (A message from, 2013). While much of this information was useful, Steinhafel failed to offer a true and sincere apology to those affected. Specifically, he only offered one apology and it pertained to Target’s inefficiencies in its call centers. Davia Temin (2013) describes Steinhafel’s response in her article “Targets Worst PR Nightmare” by saying “though he does apologize briefly, his response does not take enough responsibility, or seem sorry enough” (p. 1). Given that the data breach impacted millions of innocent victims, Steinfield should have been more sincere and sympathetic. In addition to his lack of sympathy, Steinfeld also failed to limit his disfluencies during his address. He spoke for less than two minutes and in that time he used the phrase “uh” five times. (A message from, 2013) This gave the impression that he was ill prepared and not taking the crisis seriously. Timothy Comb’s (2014) explains that “disfluencies such as uhms or uhs” (p. 2) should be avoided, as people will view the user as deceptive when they are used. He continues by mentioning that crisis managers should “express concern/sympathy for victims of the crisis” (p. 5). Steinhafel’s constant disfluencies, paired with his lack of sympathy, lessened the effectiveness of his response and caused people to doubt the organization’s positive intentions. Target ineffectively managed its crisis in the following ways: first, by not addressing the crisis immediately, the company was forced to take a defensive approach once the breach was discovered; second, the organization failed to provide accurate information and lost the trust of its customers; third, Gregg Steinfield did not address the public with confidence and sympathy, which resulted in people questioning Target’s positive intentions. Given the impact of the crisis, Target has invested nearly $100 million dollars to improve its security and will be adding new technology to protect customers’ PIN numbers (Clark, 2014). The data breach also represents one of several reasons that CEO Gregg Steinhafel made the decision to resign in May 2014 (Lee, 2014). Finally, although Target’s stock price has returned to pre-crisis levels, there are still customers that are taking advantage of the company’s free credit monitoring services as a result of the data breach (Credit Monitoring). Works Cited A Message from CEO Gregg Steinhafel about Target's Payment Card Issues. (2013, December 20). Retrieved March 11, 2015, from http://www.abullseyeview.com/2013/12/target-ceo-greggsteinhafel-message/ Clark, M. (2014, May 5). Timeline of Target's Data Breach And Aftermath: How Cybertheft Snowballed For The Giant Retailer. Retrieved March 11, 2015, from http://www.ibtimes.com/timeline-targets-data-breach-aftermath-how-cybertheft-snowballedgiant-retailer-1580056 Coombs, W. (2011). Crisis Management and Communications. Institute for Public Relations. Credit monitoring FAQ. (n.d.). Retrieved March 12, 2015, from https://corporate.target.com/about/payment-card-issue/credit-monitoring-FAQ.aspx Lee, T. (2014, May 7). Target's culture contributed to Gregg Steinhafel's downfall. Retrieved March 11, 2015, from http://www.sfgate.com/business/article/Target-s-culture-contributed-toGregg-5458122.php Murray, E., & Shohen, S. (1992). Lessons from Tylenol tragedy on surviving a corporate crisis. Medical Marketing and Media, 27(2), 1-4. Quick, B. (2014, January 12). Target CEO defends delay to disclose data breach. Retrieved March 11, 2015, from http://www.cnbc.com/id/101329300 Temin, D. (2013, December 30). Target's Worst PR Nightmare: 7 Lessons From Target's WellMeant But Flawed Crisis Response. Retrieved March 11, 2015, from http://www.forbes.com/sites/daviatemin/2013/12/30/targets-worst-pr-nightmare-7-lessons-fromtargets-well-meant-but-flawed-crisis-response/ Vijayan, J. (2014, February 6). Target breach happened because of a basic network segmentation error. Retrieved March 11, 2015, from http://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happenedbecause-of-a-basic-network-segmentation-error.html