Defining Damage Control in the Breach Epoch

In the past few weeks, we have seen ample evidence that technology breaches have replaced product recalls as the crisis management challenges of our present and future. The news has been replete with reports of the hacking of the adultery website AshleyMadison, potentially exposing tens of millions of adulterers, something that the hackers have expressly threatened.

Then there is the recent hacking into U.S. government computers which compromised the fingerprints and social security numbers of more than 20 million government workers to nefarious characters. And, in a new twist, researchers apparently were able to stop a Jeep dead in its tracks by accessing the vehicle’s controls through Chrysler’s wireless Uconnect system.

Predictably, these epic hacks have been characterized in media coverage as “public relations problems.” This is true to a point, but they are PR problems that don’t have PR solutions.

The targets of these breaches have done their best to calm justified jitters with helpful communications. AshleyMadison, for example, publicly stated that they had secured their sites and were cooperating with law enforcement. The company also denied that the widely-reported breach had even succeeded in the first place. At this writing, there have been no public reports of specific names alleged to have used AshleyMadison’s services, surely to the relief of many.

As breach targets evaluate their PR options, one of the most confounding elements is that this avalanche of disturbing news seems not to be deterring people and organizations from marching forward with even more potentially dangerous activity. In the case of AshleyMadison, this is best evidenced by the tens of millions who have been willing to put life-ruining data in the hands of people they do not know and technologies they neither control nor understand.

At the same time, efforts continue apace to put our medical data in a centralized and digitized bank that is destined to be managed by a government that has repeatedly demonstrated its inability to keep sensitive information private. In 2014, the UCLA Hospital System was compromised and a spokesperson commented, “We live in a digital age which brings tremendous benefits, but electronic health records come with the risk of this [hacking].”

Put simply, the only solution to breach crises is not to have breaches. Second best is to demonstrate that data has been secured after the fact. Chrysler’s response to the hacking of its vehicles was to develop upgraded software that would resist compromise and to make customers aware of this solution. Fixing the problem and giving consumers a sense of control is the best PR can accomplish.

If past is prologue, the compulsion for adulterous hookups will likely override the perceived risks, at least with many consumers. The sheer convenience of digitizing everything will also likely prevail over fears of the consequences –until, perhaps, there actually are consequences of a deeply personal and resonant nature.

Those entrusted with our most private information, not to mention our safety, will do well to focus on the mechanics of security versus the soft reassurances of conventional public relations.

Stuart Dezenhall contributed to this report.

Leave a Reply

Notify of