I have often wondered why firms/CEOs worry so much about negative headlines. Sure, the unwanted attention is uncomfortable and there can be short-term consequences, but I am less confident that stakeholders have long enough memories to inflict lasting damage.
Perhaps the difference comes down to systemic issues versus one-off mistakes. In other words, Lumber Liquidators' mislabeling of their laminate flooring to mask the level of toxic materials the product contains was damaging because it was something built into the way the firm did (does?) business. Similarly, Nike's sweatshop issue still resonates (in spite of the firm's best-practice approach to its supply chain today) because it was so ingrained in operations. In contrast, mistakes like the hacking of Target's computer systems that resulted in the credit card details of 40 million customers being stolen does not appear to have affected revenues.
Along these lines, the article in the url below analyses the reputational consequences of the IT security breaches that are increasingly occurring at large companies:
"While reputational damage is often presented by technology suppliers as the consequence of security breaches, evidence suggests the public has a short memory, though senior executives will continue to pay the price for a bad leak."
Specific examples appear to support this perspective:
"Last year's hacking of Apple's iCloud service, for example, in which intimate photos of celebrities were stolen and published online, has done little to dent its financial performance. However, while the Sony Pictures breach did not lead to a boycott by movie-goers, the company's co-chair, Amy Pascal, stepped down after the scandal. Despite this, in its Q3 2014 financial statements, the company said it 'doesn't expect to suffer any long-term consequences' as a result of the attack."
The absence of long-term effects on firm performance are attributed to the lack of attention of key stakeholders, such as the firm's customers:
"'Negative reputational impacts are totally exaggerated, in my opinion,' says Gartner analyst Avivah Litan. 'I think customers forget about a breach very quickly and it doesn't impact their interest in buying goods or services from the breached company.'"
Ironically, the more security breaches that occur, the less impact they appear to have:
"Marc van Zadelhoff, vice-president of strategy in IBM's security division, agrees: 'The more frequently data breaches occur, the more desensitised people become, resulting in less of an impact to the brand's reputation.'"
The five examples of serious data breaches that the article discusses also make clear that the sooner a firm reveals the breach and the more transparent it is about the causes, the more forgiving the public is likely to be. Of course, the more forgiving the public is likely to be, the greater the chance that a similar event will occur elsewhere.
David Chandler & Bill Werther
Strategic Corporate Social Responsibility: Stakeholders, Globalization, and Sustainable Value Creation (3e)
Instructor Teaching and Student Study Site: http://www.sagepub.com/chandler3e/
Strategic CSR Simulation: http://www.strategiccsrsim.com/
The library of CSR Newsletters are archived at: http://strategiccsr-sage.blogspot.com/
Fear of reputational damage may be overhyped
By Jessica Twentyman
May 20, 2015
FT Special Report – The Connected Business