The recent cyber-attack on telco giant, Optus, has revealed and continue to demonstrate that no organisation is anywhere near clear from being vulnerable to crises. It also demonstrates, just like in many other incidents, how the data market and the appetite for it, has grown.
Data has always formed the basis for big businesses’ continuity. More so in the new cyber world, big data is big money – the bigger the data a corporation holds the more competitive advantage it has in service marketing, brand positioning, and product situating. Data helps in making informed decisions and big data is good for both legitimate business, and in malicious phishing or for ransoms.
According to reports, the Optus data breach is a result of a basic security incompetence following Optus leaving possible entry points into their system, unsecure. Unfortunately, the breach has resulted in a potentially long-term reputation and credibility damage for the corporation. As we speak, data for almost 2 million of the nearly 10 million customers risked, has already found its way out , and a further 7.7 million customers impacted in one data stream or another.
Now, what does the whole incident remind us about the damaging characteristics of crises? Well, in the modern operating environment, no corporation or business is less vulnerable to crises. As such, leadership for corporations require to be crises-ready more than they had ever been decades ago. That entails having crisis conversant executives within rank and file, but also having crisis-ready guidelines that could easily spell how information is gathered and shared with the public.
When Optus announced, on 22nd September that its customer data bank had been attacked, they seemed to have taken an internal process to accompany the announcement with an assurance to its customers. For example, part of Optus’ announcement read that:
‘Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver's licence or passport numbers’
However, the coordination of information had been very problematic for Optus. It was evident the information was trickling from a disjointed source, and often incomplete. It portrayed that Optus had resolved the issue as soon as it emerged. However, that was not the case. For example, customer data had been exposed beyond what Optus initially advised. It transpired that more customer details, including Medicare details, may have been risked. Observably, it seemed Optus did not initially have a full comprehension of the depth of the crisis judging from the piece-meal communication with its customers.
The uncertain nature of crises can leave executives blurred of sense-making of what is unfolding before them. With customers still grappling for more information and alternatives for identity recovery proving slow and difficult, the amount of damage the data breach has caused to both the corporation and its individual customers is yet to be fully comprehended, and will take long to recover from. Optus will need to devise measures that minimises further harm to an already disenfranchised and uncertain customer base.
In addition, crises take a toll on organisational employees. More so on the executives, who are often the face of the corporation and brand, during crisis moments. As the Optus data breach crisis was unfolding, it was evident that the CEO Kelly Bayer Rosmarin was visibly tired, at times opting to communicate through recorded audio and videos. Optus failed to provide emotional and mental relief from such assault. Optus board could have done better by offering alternative spokesperson throughout the crisis communication. As soon as Federal Government issued its position statement, Optus board should have taken over the public engagement.
On a positive end, Optus response also cements the importance of information sharing and collaborating with stakeholders who are on your side. Optus collaborated with government agencies including the Police and other agencies to help the issuance of new documents such as a Drivers’ Licence and passports (which Optus has committed to pay for the renewal fees on behalf of the customer). In addition, the involvement of external Government agencies, such as Americas’ FBI, to help with the investigation within an Australian jurisdiction, informs how much importance the Federal Government has placed on the crisis and the security of its citizens’ data.
Crises affect corporations’ business returns, including its reputation and market share, among others. Optus may have scored in the operational response with its stakeholder collaboration in the crisis. However, with a disgruntled customer, continued bad media publicity, and a Federal Government still breathing down its neck for accountability and transparency, the crisis relief that Optus is seeking may be far out of its sight.