Missing
the Target in a Crisis
(Commentary
by Jordan Low)
Target is one of the largest and most recognisable
retail corporation in the United States. When a crisis occurs that involves
such a well-established company, many will be affected and the company will be
expected to handle the situation promptly and effectively.
In 2013, Target faced such a crisis when the company
suffered a massive data breach. Customer credit card information was compromised
and millions were affected. Target made a decent effort in managing the issue
at hand, however they also made several huge blunders in the process that
overall hurt their image more than salvaging it.
Target’s response to the data leak was relatively
fast. However, in their haste to put out a statement, Target’s spokesperson did
not adequately consult with upper management, leading to misinformation that
required a retraction. This shows that Target may have had a crisis management
plan in place, but it was either executed poorly, or the plan itself had flaws
which led to miscommunication within the company.
Since then, many analysts have looked to Target’s
data breach as a prominent case study on how to improve on a company’s crisis
management plan. Davia Temin of Forbes in particular wrote an informative
article on how Target could have done things differently in order to avoid
damage to their brand. Check out the full Forbes article and commentary below -
we thought it made a great read.
Image Source: www.irenemarkoja.com
___________________________________________________________________________________
Target's
Worst PR Nightmare: 7 Lessons From Target's Well-Meant But Flawed Crisis
Response
Target is living up to its name in a way I am sure
they never meant to do.
They have become the newest target case of how not to
respond in a crisis. Although they have done many things right in their
response to the second-largest retailer data breach on record, they have made
some classic mistakes that have not only compromised their reputation, but the
trust of their customers, employees, and the public.
In fact, by needing to retract 0n Friday their
earlier assurances to customers that PIN numbers had not been stolen, Target
effectively has morphed in the eyes of the public from a victim of crime to a
co-conspirator. Not a good move brand-wise, trust-wise, reputation-wise, or
business-wise.
To be fair, almost certainly Target did not know all
the facts when they had to make their initial statement on December 19th (the
story was broken on December 18th by security blogger Brian Krebs, “Sources:
Target Investigating Data Breach.") But because they had chosen not to
break the story themselves, Target was forced to respond to a story that Mr.
Krebs had broken, and from that point on they were on the defense. And, in such
circumstances, they were most likely buffeted by conflicting “advice” or
demands from their security experts, banking partners, law enforcement of every
variety, and lawyers.
Often such experts will counsel the corporate victims
of crime to limit their statements – and liability – and withhold details from
the public until they can understand the magnitude of the problem. But it may
take quite a while to understand the full magnitude. Many of Target’s crisis
responses were textbook good, but what they forgot was to NOT make assurances
to the public until they were certain those assurances were correct. They were
far too quick to worry about the spin, and minimize the problem, instead of
admit the things that they did not yet know, and plan for the worst case.
In trying to limit their liability they opened
themselves up to misleading their precious customer base, and put their
customers, employees, banks and business in an untenable position.
Indeed, Target leadership’s biggest flaw may have
been to listen to the wrong experts: they stayed silent when they should have
broken the story themselves and over-communicated. They minimized when they
should have maximized. They obfuscated when they should have leveled with their
customers. And they made false assurances that they later needed to retract.
Now, fewer will believe them when they speak.
Point-of-sale breaches are a huge and growing
business for global crime syndicates these days. Almost no business or consumer
is immune. So, having done significant work on these issues in other
industries, I would like to offer 7 lessons to leaders facing data theft,
derived both from Target's steps and missteps, as well as others' experience.
1.
Leaders,
no matter how much it hurts, when you have a problem that affects your
customers directly, DO NOT WAIT TO GO PUBLIC.
You don’t need to have all the answers, but you DO need to get ahead of and own
the problem. Otherwise, others will own it for you.
Announce
what you do and do not know as soon as possible, make clear your intentions to
come up with solutions as rapidly as possible, and promise continuous updates.
Then keep to that promise.
Your
business will definitely take a major hit, but your credibility will not. And
if you keep the trust of your customers, your profitability can rebound.
2.
Do not let
others define your message. Law enforcement,
lawyers, banks, and security experts will all want to craft your messaging for
you. Hear them out, of course, but then do what YOU think is best for your
customers, employees, and shareholders. There may be a dissonance, because what
is best for customers may not be best – in the short-term – for shareholders.
But above all, guard your integrity, and show ultimate respect for your
customers. If I have heard one regret from CEOs in this position, it is that
they listened to the wrong advice, and waited too long to step out with their
voice in public.
3.
Do NOT
make false assurances. One simply cannot make
assurances to the public unless you are 100% certain those assurances are true.
Just like UPS and Fedex promised on-time Christmas delivery this year, and then
couldn't deliver on their promise, there is nothing better to destroy trust
than making an assurance one day that you will have to go back on the next. It
is far better to be criticized for being uninformed than for misleading the
public.
4.
Don’t let
the bad news dribble out, if you can help it. Almost
all crises are multi-day, or weeks or months long. If you can get the bad news
out as quickly as possible, you can then turn to what you are doing to address
the situation, and recover.
5.
Respond
forcefully, and commensurately with the problem.
Target’s response on its website has many admirable elements, but it is still
too little, too late. Given the scope of the problem (40 million customers we
know of to date), it is far too general. It doesn’t address the broad array of
issues resulting from the theft anywhere near enough, such as what Target is
doing to stop these kinds of abuses from happening again, or how fraudulent use
of a credit or debit card will affect a customer's credit rating, and what can
be done about that. The videos of Target CEO Greg Steinhafel, while appealing,
are far too superficial, and too salesy. And though he does apologize briefly,
his response does not take enough responsibility, or seem sorry enough.
If
I were counseling them, I would suggest having the CEO level with his audience
on the video, be more heart-felt, look straight into the camera and through it
to his customers, and offer a real apology, and specific remediation.
The
list of important things to know that Target includes on its website is
excellent, but I would be clearer on the specific things customers can do to
protect themselves (such as get a new card), and offer to help them do so.
After all, criminals often sell stolen card numbers months after their theft,
and the best thing to do is not only change your PIN, but get a new card.
Target may want to consider doing a deeper dive list of how consumers can
protect themselves going forward. They can own the solution, if they so choose.
Finally,
I would EXTEND customer service call hours. Currently their hours are 7am to
11pm CST. If ever I have heard of an instance that calls for around-the-clock
customer service, this is it. AND, I would make sure that every senior manager,
C-Suite officer, and board member staff the customer service line for at least
two full days. Nothing fosters taking personal responsibility for customer
needs faster than being on the true front line.
6.
Balance
“happy talk” with “straight talk.” If the
problem grows and your response stays in the sales mode, you run the risk of
being totally unbelievable.
In
a crisis, straight talk is usually appreciated. Only AFTER the straight talk
can you find something to be happy about.
7.
Finally:
never, ever say you are “taking the issue seriously!” Of COURSE you are, if you are
any kind of a leader at all. That is the floor, not the ceiling.
Instead,
give specifics. Talk about the steps you are taking to fix the issue. Tell the
story. Talk about your values and vision, and how you are living them in the
wake of the crisis, no matter how difficult that may be. Reinforce your
commitment to be a part of the cure.
These are all ways for organizations to stay close
to, and sympathetic to, their audiences in the face of crisis. Make sure YOUR concerns directly reflect the
concerns of your customers, clients, employees, and stakeholders. Then you will
have far more willing partners in your recovery.
_________________________________________________________________________
Source: https://www.forbes.com/sites/daviatemin/2013/12/30/targets-worst-pr-nightmare-7-lessons-from-targets-well-meant-but-flawed-crisis-response/#6347cbf143cf
No comments:
Post a Comment