Retirements and a “cybersecurity incident”
It seems like after a massive crisis, it is a good time for personnel associated with that crisis to retire. Equifax has had significant negative effects from data breach. It is a problem to have a “cybersecurity incident” when you have access to the critical identification and financial information of millions of people. Here are samples from the “retirement” announcements. First the Chief Information Officer:
“The company announced that the Chief Information Officer and Chief Security Officer are retiring. Mark Rohrwasser has been appointed interim Chief Information Officer. Mr. Rohrwasser joined Equifax in 2016 and has led Equifax’s International IT operations since that time. Russ Ayres has been appointed interim Chief Security Officer. Mr. Ayres most recently served as a Vice President in the IT organization at Equifax. He will report directly to the Chief Information Officer. The personnel changes are effective immediately.
Equifax’s internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation.”
Then the CEO:
“Mark Feidler stated, “The Board remains deeply concerned about and totally focused on the cybersecurity incident. We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again. Speaking for everyone on the Board, I sincerely apologize. We have formed a Special Committee of the Board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”
“Our interim CEO, Paulino, is an experienced leader with deep knowledge of our company and the industry. The Board of Directors has absolute confidence in his ability to guide the company through this transition,” Feidler continued.
Richard Smith said, “Serving as CEO of Equifax has been an honor, and I’m indebted to the 10,000 Equifax employees who have dedicated their lives to making this a better company.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right. At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith added. “
The interim CEO then issued an apology. Interestingly, the apology was published in the Wall Street Journal. Paying to have people see your apology, that seems a little impressive. However, it actually limits who can see the apology. The target for the apology does not appear to be the victims of the crisis but the investment community that can affect the value of Equifax. Moreover, a close look at the retirement announcements also reflect an effort to reassure the investment community, especially when call rather historic data breach a “cybersecurity incident.” This sounds like minimization, and effort to elude responsibility, rather than a company accepting responsibility.
Crisis communication is complex as you have multiple target audiences whose needs may not be aligned. Still, the use of the term “cybersecurity incident” seems a bit disrespectful to the victims and will do little to help victims to adjust. It might, however, help Equifax to recover on the economic side. Equifax also is planning to offer people in the U.S. free life time credit locking and unlocking in January 2018. Now that does speak to victims and moves beyond corrective action to a form of compensation.
- How do you think victims feel about the term “cybersecurity incident”? Why would Equifax adopt this term in its communications?
- What is the most compelling reason for placing the new apology in the Wall Street Journal while not placing it other places that are more easily accessible?
- The new offer of lifetime credit lock for free is three months off. How will that help as a form of compensation to victims.
- What stakeholders will really care about the retirements? The eventual permanent replacements?