Crisis Management

Target as Target

Risk experts grade Target's efforts to manage the reputation damage caused by the data breach.
By: | February 3, 2014 • 4 min read

After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.

However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.

Advertisement




In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.

Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.

“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.

Initial email (truncated) sent by Target on 12/19/2013. The original email included an additional 4 pages of information.

Initial email (truncated) sent by Target on 12/19/2013. The original email included an additional 4 pages of information.

Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.

“I would still say it’s so much better to get it right the first time,” he said.

2nd email to guests, 12/20/2013.

2nd email to guests, 12/20/2013.

Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.

Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.

In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”

A key turning point came on Jan.13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction:

Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”

Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.

“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.

Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.

Other positive steps include Target’s $5 million investment in cyber security education said Michael Soza, a partner in accounting and consulting firm BDO.

“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.

Advertisement




As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.

But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.

“Those are the ones where the trust has really been lost,” Korschun said.

Joel Berg is a freelance writer and adjunct writing teacher based in York, Pa. He has covered business and regulatory issues. He can be reached at [email protected]

Risk Management

The Profession

Pinnacle Entertainment’s VP of enterprise risk management says he’s inspired by Disney’s approach to risk management.
By: | November 1, 2017 • 4 min read

R&I: What was your first job?

Bus boy at a fine dining restaurant.

R&I: How did you come to work in this industry?

I sent a résumé to Harrah’s Entertainment on a whim. It took over 30 hours of interviewing to get that job, but it was well worth it.

R&I: If the world has a modern hero, who is it and why?

Advertisement




The Chinese citizen (never positively identified) who stood in front of a column of tanks in Tiananmen Square on June 5, 1989. That kind of courage is undeniable, and that image is unforgettable. I hope we can all be that passionate about something at least once in our lives.

R&I: What emerging commercial risk most concerns you?

Cyber risk, but more narrowly, cyber-extortion. I think state sponsored bad actors are getting more and more sophisticated, and the risk is that they find a way to control entire systems.

R&I: What is the riskiest activity you ever engaged in?

Training and breaking horses. When I was in high school, I worked on a lot of farms. I did everything from building fences to putting up hay. It was during this time that I found I had a knack for horses. They would tolerate me getting real close, so it was natural I started working more and more with them.

Eventually, I was putting a saddle on a few and before I knew it I was in that saddle riding a horse that had never been ridden before.

I admit I had some nervous moments, but I was never thrown off. It taught me that developing genuine trust early is very important and is needed by all involved. Nothing of any real value happens without it.

R&I: What about this work do you find the most fulfilling or rewarding?

Advertisement




Setting very aggressive goals and then meeting and exceeding those goals with a team. Sharing team victories is the ultimate reward.

R&I: What is the most unusual/interesting place you have ever visited?

Disney World. The sheer size of the place is awe inspiring. And everything works like a finely tuned clock.

There is a reason that hospitality companies send their people there to be trained on guest service. Disney World does it better than anyone else.

As a hospitality executive, I always learn something new whenever I am there.

James Cunningham, vice president, enterprise risk management, Pinnacle Entertainment, Inc.

The risks that Disney World faces are very similar to mine — on a much larger scale. They are complex and across the board. From liability for the millions of people they host as their guests each year, to the physical location of the park, to their vendor partnerships; their approach to risk management has been and continues to be innovative and a model that I learn from and I think there are lessons there for everybody.

R&I: What is the risk management community doing right?

We are doing a much better job of getting involved in a meaningful way in our daily operations and demonstrating genuine value to our organizations.

R&I: What could the risk management community be doing a better job of?

Educating and promoting the career with young people.

R&I: What have you accomplished that you are proudest of?

Being able to tell the Pinnacle story. It’s a great one and it wasn’t being told. I believe that the insurance markets now understand who we are and what we stand for.

R&I: Who is your mentor and why?

Advertisement




John Matthews, who is now retired, formerly with Aon and Caesar’s Palace. John is an exceptional leader who demonstrated the value of putting a top-shelf team together and then letting them do their best work. I model my management style after him.

R&I: What is your favorite book or movie?

I read mostly biographies and autobiographies. I like to read how successful people became successful by overcoming their own obstacles. Jay Leno, Jack Welch, Bill Harrah, etc. I also enjoyed the book and movie “Money Ball.”

R&I: What is your favorite drink?

Ice water when it’s hot, coffee when it’s cold, and an adult beverage when it’s called for.

R&I: What does your family think you do?

In my family, I’m the “Safety Geek.”

R&I:  What’s your favorite restaurant?

Vegas is a world-class restaurant town. No matter what you are hungry for, you can find it here. I have a few favorites that are my “go-to’s,” depending on the mood and who I am with.

If you’re in town, you should try to have at least one meal off the strip. For that, I would suggest you get reservations (you’ll need them) at Herbs and Rye. It’s a great little restaurant that is always lively. The food is tremendous, and the service is always on point. They make hand-crafted cocktails that are amazing.

My favorite Mexican restaurant is Lindo Michoacan. There are three in town, and I prefer the one in Henderson as it has the best view of the valley. For seafood, you can never go wrong with Joe’s in Caesar’s Palace.




Katie Dwyer is an associate editor at Risk & Insurance®. She can be reached at [email protected]