I sense, at some point in business school curriculum, numerous business decision makers – leaders either did not register for, or ‘show up’ for the ‘business reputation 101’ course…or opted to take an art history course instead.
The demeanor that Equifax exhibited in October 2017…which we are hardly unaccustomed, regarding their announcement of a months’ previous ‘data breach’ involving the personal data of 140 million users-citizens is a sad commentary.
Well, through these intangible asset lens…this, and numerous other similar events, speak volumes about any business culture, perhaps (a.) rooted in arrogance, and (b.) operating with the assumption ‘lightening won’t strike us’ mentality. Aside from that, someone at Equifax made mighty poor decisions to disregard – overlook their fiduciary responsibilities to safeguard these critical ‘personal’ assets.
So, I respectfully commence this post by stating I do have considerable operational familiarity…with business reputation (risk) which it’s worth noting again, is an extraordinarily valuable intangible asset.
Corporate culture and reputation have obviously been overlooked aspects to the ‘Equifax’ story…that is, not being adequately reported, aside from a few like Daniel Marans of POLITICS, Huffington Post, myself, and Dr. Nir Kossovsky.
Through my lens, when a highly consolidated industry exists…e.g., credit reporting, with just three major players that collectively hold a very substantial percentage, perhaps 90+%, of the market, i.e. Equifax, Experian, and TransUnion.
In these circumstances, incentives for c-suites to ensure…deployment of effective data safeguards beyond the minimum, and closely monitoring risk vulnerability, probability, and criticality for (inevitable) breaches and/or attempts, may fall below what most would agree constitutes ‘best practice’ relative to other industries.
More to the point…not taking, or only taking minimal steps to thwart, contain, and mitigate persistent probing for entrées to a data breach, ala risk materialization, would, for most companies, rapidly and adversely affect their reputation and cascade – escalate throughout an enterprise, in this instance, Equifax, for years into the future.
However, this obligation – fiduciary responsibility, was wholly absent from the testimony given in Capitol Hill hearings on October 4, 2017…given by now, the former Equifax CEO Richard Smith, at the behest of the U.S. Senate’s Committee on Banking, Housing and Urban Affairs.
I, like countless others, are appalled at reading Smith’s testimony… regarding the security-data breach to Equifax which exposed the personal data of more than 140+ million Americans to identity theft and fraud.
Should my characterizations of Smith’s testimony transcript, the decisions and operational realities conveyed…is confirmation that Smith, in a combination of arrogance, disregard for fiduciary responsibilities, and not recognizing how ‘the company’s breach’ would be exploited by adversaries globally.
The minimally ‘feel good’ reparations offered to…potentially 140 million Equifax customers – victims, appeared to make sense to Equifax, providing rationale for Equifax to not feel particularly uncomfortable or apologetic, even if their reputation ‘took a hit’ because there were enormous (more) revenues to be made.
Unfortunately, when there is little sector competition…devoting resources beyond a reasonable minimum, to mitigating the materialization of reputation risk(s), is, in my view, a misread of competitive advantage economics.
So, for me, such c-suite strategies are insulting…especially when such inaction invites – contributes to risk materialization, leaving consumers with no viable alternative or option when significant problems (data) breaches occur.
In addition to the inexcusable delay in reporting ‘the breach of your system’…Equifax has actually-created more business opportunities for itself”, Sen. Elizabeth Warren (D-Mass.) remarked during the October 4 hearings, to which Mr. Smith replied, “yes, Senator, it (the breach) has been a huge opportunity for Equifax”.
For readers who perhaps are unfamiliar with U.S.’s consolidated consumer credit tracking sector…i.e., Equifax, Experian, and TransUnion, each firm tracks individual credit histories and uses the collected data to compile credit “scores” which they sell to lenders for assessing the creditworthiness of prospective borrowers.
- One outcome, Senator Warren said, is companies (like Equifax) have little incentive to invest in safeguards for the consumer data they collect and store.
Senator Warren’s claim arose from the fact that Equifax…and other firms, had already sought to make money from the September 2017 breach by offering affected – victimized consumers a year of free credit monitoring, after which the company would begin charging for the service.
Of note, “from 2013 until today…Equifax disclosed at least four separate data compromises – breaches to their clients personal data. Not surprisingly, during those four years (2013-2017), Equifax’s revenues rose by more than 80%, a fact which Smith admitted in testimony to Senator Warren.
Another frustrating (troubling) aspect to this is that organizations… not-infrequently (initially) treat these types of materialized (catastrophic) risks as mere public relations challenges which presumably can be rapidly repaired – remediated. Yes, in some instances such a strategy (response) may find the proverbial traction.
- …the person who elects not to read has little or no advantage over the person who cannot read! (Variously attributed to Samuel Clemens, adapted by Michael D. Moberly.)
Michael D. Moberly St. Louis October 5, 2017 [email protected] the ‘Business Intangible Asset Blog’ since May 2006, 600+ published blog posts, ‘where one’s attention span, business realities, intangible assets, and solutions converge’.
Readers are invited to explore other posts, video, position papers, and books at https://kpstrat.com/blog