Sony has been raked over the coals these last few weeks. Has there been just cause? And has Sony exercised good crisis management and crisis communication skills?
Between April 17 and April 19th the Sony PlayStation Network and the Company’s Qriocity service which streams video to Sony televisions and Blu-ray devices were hacked and knocked offline. Besides knocking out service, unauthorized persons obtained access to personal information including credit card numbers. An estimated 77 million PlayStation users and 12 million of their credit cards were affected, plus 24 million Sony Online Entertainment customers and over 10,000 of their cards. The services have just recently come back on line (Japan itself is an exception because the government is not yet sure they is secure) as of approximately May 14th.
There are two main issues that have gotten the public very agitated. First, did the Company handle its communications well? It took almost a week to publicly acknowledge the attacks and advise its customers that credit card information could have been compromised. This length of delay surely provided hackers with a large window of opportunity to utilize the information it had mined to the obvious detriment of millions of customers.
One of the basic tenants of crisis communication is to act quickly and have as much control of the dialogue as possible. The basic problem was evident, even if a great deal of operational research had to be done to identify the extent of the damage. The first goal should have been to minimize the vulnerability of its customers through immediate notification. By delaying, Sony allowed speculation to build up and therefore it positioned itself defensively, instead of taking vigorous proactive steps.
The other communications gaff came directly from Sony’s CEO, Howard Stringer. In a discussion with reporters on May 17th, he defended the actions of Sony when asked why it took almost a week to notify customers. He observed that the Company reported quickly, noted that many companies don’t report these breaches at all or only after a month, and then said “you’re telling me my week wasn’t fast enough”. This sounds a bit defensive and imperious for a CEO. Most customers would probably disagree with him, especially those whose credit cards could have used by the hackers, or those whose personal information may now be used for identity theft purposes.
The second main issue is operational. Sony must quickly tighten its security and provide safe and secure networks for its customers. The U.S. Congress and the New York Attorney general almost immediately jumped on the bandwagon to “investigate” this technological lapse, but hopefully these actions will not drain efforts away from identifying vulnerabilities and making data protection paramount. Customers need to be confident of Sony’s ability to protect them. Otherwise, it will lose out big time to Microsoft and Nintendo. That should be motivation enough to make Sony create one of the most secure networks available out there in cyberspace.