While public perceptions of “greedy businesspeople” have always been part of the sociological landscape, over the years opinions about family businesses have tended to be more forgiving.
That perception appears to be holding. A newly published report reveals that people trust family businesses significantly more than businesses in general.
The trust levels are ~75% for family-owned businesses versus just 59% overall.
That finding comes from a survey of ~15,000 respondents age 18 or older conducted by research firm Edelman Intelligence, which is part of the Edelman marketing communications firm.
The research was conducted across 12 country markets and are contained in the 2017 Edelman Trust Barometerreport. In addition to the United States, the other country markets that were surveyed included:
Brazil
Canada
China
France
Germany
India
Indonesia
Italy
Mexico
Saudi Arabia
United Kingdom
Not only do the respondents in the Edelman survey trust family businesses more, they themselves would rather work for a family business.
Moreover, if they know a company is a family-run business, they’re three times more likely to be willing to pay more for its products or services.
Not everything is quite so positive, however. Compared to businesses in general, family-run businesses aren’t viewed as innovators (only ~15% compared to ~45%), or drivers of financial success (just ~15% vs. ~43%).
Even more discouraging is this finding: Although in actuality family-run businesses are often major sources of philanthropy, only ~17% of the Edelman survey respondents view these companies as leaders in helping to address societal challenges. So, more work appears to be needed to attain the recognition that is deserved in this arena.
Another common perception – and this may be a more accurate one in reality – is that family-run businesses are skimpy in their willingness to share financial and other information about how their businesses are run.
But the most potentially harmful perception is the opinion the general public has about successive generations of family members managing family-run businesses. “Next-generation” CEOs are ~17% less trusted than founders. They’re also considered far more likely to mismanage the business – not to mention being seen as less committed to the success of their enterprises.
In short, an inherited business, like inherited wealth, is viewed with suspicion by many people, and it’s more likely to be perceived as “undeserved.”
So, the portrait of family businesses isn’t completely rosy … but the reputation of these enterprises remains better than for businesses in general.
More information and key findings from the Edelman report can be found here.
It’s the beginning of October – which means that the holiday shopping season will soon be upon us.
… If it isn’t already, based on the holiday displays we’re already seeing cropping up at some major retail chain stores.
Of course, U.S. retailing firms have been gearing up for the season for months now, in terms of building merchandise inventories and so forth. But what sort of consumer shopping dynamics will they be facing this year?
According to new research published by Euclid, Inc. in its 2017 Evolution of Retail report which covers holiday physical and digital retail trends, Cyber Monday has now overtaken all of the other holiday-season shopping days in terms of consumer excitement.
That finding is based on a survey of ~1,500 U.S. consumers age 18 and older. While majorities of respondents report that they are excited about each of the three biggest revenue days of the holidays, for the first time ever Cyber Monday heads the list in terms of consumer interest and excitement:
Cyber Monday: ~72% of consumers report being excited about this shopping day
Black Friday: ~62%
Day after Christmas: ~55%
Clearly, online shopping continues to build momentum year over year. But the Euclid research also reveals that physical stores continue to have a major role in the “buying journey.” Even among consumers in the 18-34 age group, three out of four respondents report that they visit physical stores on a regular basis to see products “in the flesh” – even if they purchase them online later.
Not surprisingly, “price” remain the biggest driver in consumer shopping behaviors during the holiday season, but convenience is another factor as well. It isn’t simply a store’s location that matters, but also how quickly shoppers can get in and out of the store that affects their views of “convenience.”
Interestingly, when comparing just in-store shopping plans, more respondents in the Euclid survey expect to be shopping on the day after Christmas (63%) than on Black Friday (60%) this year.
Perhaps the decisions by some big retailers to curtail store hours on that traditional first day of the holiday shopping season are being driven by more than simply altruism …
After several years of relative calm, suddenly we’ve faced some pretty significant natural disasters in North America – from the hurricanes that have devastated Houston and other cities in Texas, Louisiana and Florida to earthquakes in the vicinity of Mexico City.
Certainly, when it comes to hurricanes, tornados, earthquakes, floods and fires, some cities are more prone to these natural disasters than others.
Acting on that hunch, Trulia, the online real estate service company, has analyzed federal disaster area data to prepare maps that show the U.S. regions and the metropolitan areas within in them that are most susceptible to suffering a catastrophic event of this kind.
As it turns out, most metropolitan areas are at a high risk for at least one of the potential natural disasters – although thankfully none are at a high risk for absolutely everything.
The Trulia maps show these broad contours:
California and other western regions are at a higher risk for earthquakes and wildfires.
Hurricane risks are highest in Florida and along the Gulf Coast.
Flooding risks factor into the Florida/Gulf Coast regions as well, but they also stretch up and down the Eastern Seaboard.
Tornado risks are highest in the Plains states, portions of the Great Lakes states, plus the Central-South region of the country.
What does the Trulia analysis tell us about the large urban areas that are “safest” from all of these natural disaster risks? Trulia finds them in places like Ohio (Cleveland, Akron and Dayton), in Upstate New York (Buffalo, Syracuse) and other parts of the Midwest and inland Northeast.
Looking at the various housing markets across the United States, here’s Trulia’s list of the ones that are, on balance, the “safest” from natural disasters:
#1. Syracuse, NY
#2. Cleveland, OH
#3. Akron, OH
#4. Buffalo, NY
#5. Bethesda-Rockville-Frederick, MD
#6. Dayton, OH
#7. Allentown, PA
#8. Chicago, IL
#9. Denver, CO
#10. Troy-Warren, MI
Of course, being safest from natural disasters doesn’t account for the dangers from “man-made disasters” — as former Director of Homeland Security Janet Napolitano euphemistically labeled the other kinds of catastrophic events.
For the riskier places viewed from that standpoint, one might look to the most “iconic” metro areas such as Washington, DC, New York City and Boston as the likelier targets.
Plus, with North Korean nuclear weapons development and saber-rattling being prominent in the news of late, Honolulu, San Francisco, Seattle and Portland, OR might also make it on that list.
Speaking for myself, as a resident of the region just 50 miles east of Washington, DC and in light of our prevailing west-to-east wind and weather patterns, the possibility of encountering radioactive fallout from a nuclear strike aimed at our nation’s capital has always been a really fun scenario to consider …
It’s common knowledge by now that the data breach at credit reporting company Equifax earlier this year affected more than 140 million Americans. I don’t know about you personally, but in my immediate family, it’s running about 40% of us who have been impacted.
And as it turns out, the breach occurred because one of the biggest companies in the world — an enterprise that’s charged with collecting, holding and securing the sensitive personal and financial data of hundreds of millions of people — was woefully ill-prepared to protect any of it.
How ill-prepared? The more you dig around, the worse it appears.
Since my brother, Nelson Nones, works every day with data and systems security issues in his dealings with large multinational companies the world over, I asked him for his thoughts and perspectives on the Equifax situation.
What he reported back to me is a cautionary tale for anyone in business today – whether you’re working in a big or small company. Nelson’s comments are presented below:
Background … and What Happened
According to Wikipedia, “Equifax Inc. is a consumer credit reporting agency. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide.”
Founded in 1899, Equifax is one of the largest credit risk assessment companies in the world. Last year it reported having more than 9,500 employees, turnover of $3.1 billion, and a net income of $488.1 million.
On September 8, 2017, Equifax announced a data breach potentially impacting 143 million U.S. consumers, plus anywhere from 400,000 to 44 million British residents. The breach was a theft carried out by unknown cyber-criminals between mid-May 2017 until July 29, 2017, which is when Equifax first discovered it.
It took another 4 days — until August 2, 2017 — for Equifax to engage a cybersecurity firm to investigate the breach.
Equifax has since confirmed that the cyber-criminals exploited a vulnerability of Apache Struts, which is an open-source model-view-controller (MVC) framework for developing web applications in the Java programming language.
The specific vulnerability, CVE-2017-5638, was disclosed by Apache in March 2017, but Equifax had not applied the patch for this vulnerability before the attack began in mid-May 2017.
The workaround recommended by Apache back in March consists of a mere 27 lines of code to implement a Servlet filter which would validate Content-Type and throw away requests with suspicious values not matching multipart/form-data. Without this workaround or the patch, it was possible to perform Remote Code Execution through a REST API using malicious Content-Type values.
Subsequently, on September 12, 2017, it was reported that a company “online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected [sic] by perhaps the most easy-to-guess password combination ever: ‘admin/admin’ … anyone authenticated with the ‘admin/admin’ username and password could … add, modify or delete user accounts on the system.”
Existing user passwords were masked, but:
“… all one needed to do in order to view [a] password was to right-click on the employee’s profile page and select ‘view source’. A review of those accounts shows all employee passwords were the same as each user’s username. Worse still, each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee’s last name, you also could work out their password for this credit dispute portal quite easily.”
The reporter who broke this story contacted Equifax and was referred to their attorneys, who later confirmed that the Argentine portal “was disabled and that Equifax is investigating how this may have happened.”
The Immediate Impact on Equifax’s Business
In the wake of these revelations, Equifax shares fell sharply: 15% on September 8, 2017, reducing market capitalization (shareholder value) by $3.97 billion in a single trading day.
Over the next 5 trading days, shares fell another 24%, reducing shareholder value by another $5.4 billion.
What this means is that the cost of the breach, measured in shareholder value lost by the close of business on September 15, 2017 (6 business days), was $9.37 billion – which is equivalent to the entire economic output of the country of Norway over a similar time span.
This also works out to losses of $347 million per line of code that Equifax could have avoided had it deployed the Apache Struts workaround back in March 2017.
The company’s Chief Information Officer and Chief Security Officer also “retired” on September 15, 2017.
Multiple lawsuits have been filed against Equifax. The largest is seeking $70 billion in damages sustained by affected consumers. This is more than ten times the company’s assets in 2016, and nearly three times the company’s market capitalization just before the breach was announced.
The Long-Term Impact on Equifax’s Brand
This is yet to be determined … but it’s more than likely the company will never fully recover its reputation. (Just ask Target Corporation about this.)
Takeaway Points for Other Companies
If something like this could happen at Equifax — where securely keeping the private information of consumers is the lifeblood of the business — one can only imagine the thousands of organizations and millions of web applications out there which are just as vulnerable (if not as vital), and which could possibly destroy the entire enterprise if compromised.
At most of the companies I’ve worked with over the past decade, web application development and support takes a back seat in terms of budgets and oversight compared to so-called “core” systems like SAP ERP. That’s because the footprint of each web application is typically small compared to “core” systems.
Of necessity, due to budget and staffing constraints at the Corporate IT level, business units have haphazardly built out and deployed a proliferation of web applications — often “on the cheap” — to address specific and sundry tactical business needs.
“Kid’s Day” at Equifax’s Argentine offices. Were the kids in command there, one is tempted to wonder …
I strongly suspect the Equifax portal for managing credit report disputes in Argentina — surely a backwater business unit within the greater Equifax organization — was one of those.
If I were a CIO or Chief Security Officer right now, I’d either have my head in the sand, or I’d be facing a choice. I could start identifying and combing through the dozens or hundreds of web applications currently running in my enterprise (each likely to be architecturally and operationally different from the others) to find and patch all the vulnerabilities. Or I could throw them all out, replacing them with a highly secure and centrally-maintainable web application platform — several of which have been developed, field-tested, and are readily available for use.
__________________________
So, there you have it from someone who’s “in the arena” of risk management every day. To all the CEOs, CIOs and CROs out there, here’s your wakeup call: Equifax is the tip of the spear. It’s no longer a question of “if,” but “when” your company is going to be attacked.
And when that attack happens, what’s the likelihood you’ll be able to repel it?
… Or maybe it’ll be the perfect excuse to make an unforeseen “early retirement decision” and call it a day.
__________________________
Update (9/25/17): And just like clockwork, another major corporation ‘fesses up to a major data breach — Deloitte — equally problematic for its customers.
Today I was talking with one of my company’s longtime clients about how much of a challenge it is to attract the attention of people in target marketing campaigns.
Her view is that it’s become progressively more difficult over the past dozen years or so.
Empirical research bears this out, too. Using data from a variety of sources including Twitter, Google+, Pinterest, Facebook and Google, Statistic Brain Research Institute‘s Attention Span Statistics show that the average attention span for an “event” on one of these platforms was 8.25 seconds in 2015.
Compare that to 15 years earlier, when the average attention span for similar events was 12.0 seconds.
That’s a reduction in attention span time of nearly one-third.
Considering Internet browsing statistics more specifically, an analysis of ~60,000 web page views found these behaviors:
Percent of page views that lasted more than 10 minutes: ~4%
% of page views that lasted fewer than 4 seconds: ~17%
% of words read on web pages that contain ~100 words or less: ~49%
% of words read on an average web page (around ~600 words): ~28%
The same study discovered what surely must be an important reason why attention spans have been contracting. How’s this tidy statistic: The average number of times per hour that an office worker checks his or her e-mail inbox is … 30 times.
Stats like the ones above help explain why my client – and so many others just like her – are finding it harder than ever to attract and engage their prospects.
Fortunately, factors like good content and good design can help surmount these difficulties. It’s just that marketers have to try harder than ever to achieve a level of engagement that used to come so easily.
More results from the Statistic Brain Research Institute study can be found here.
It seems almost unbelievable that the first e-mail was sent nearly 50 years ago. That makes e-mail older than the majority of the people who live in the United States.
But in another sense, e-mail seems timeless. That’s underscored in the results from Adobe’s latest Consumer E-Mail Survey Report, released this past month.
One of the key findings from that survey is that ~85% of the respondents see their use of e-mail increasing or staying the same over the next two years.
Even many Gen Z respondents – people in their 20s – see their use of e-mail in similar terms; ~41% of them predict that their use of e-mail at work will increase, and ~30% see the same happening in their personal e-mail use.
In the work environment, e-mail has solidified itself as the preferred method of communication for many of the activities of daily interaction. When compared against other methods of communication like phone, face-to-face interaction, instant messaging, video chat, file sharing and enterprise social networks, e-mail comes out on top in many instances:
Communicating status updates on a project: ~60% prefer e-mail, followed by phone (~16%)
Delivering feedback: ~52% prefer e-mail, followed by phone (~30%)
Getting a brief question answered: ~35% prefer e-mail, followed by face-to-face (~25%)
And yet … there are a number of tasks where a face-to-face conversation is more preferred as a communications method:
Suggesting a new approach or idea
Asking for help on a big project
Alerting your manager or boss of an important issue
But without a doubt, “quitting your job” is where more than three-fourths of respondents consider a face-to-face communication as the most appropriate method, compared to just 11% who consider e-mail to be appropriate for communicating that kind of news.
These characteristics serve to illustrate that e-mail’s big power is in its efficiency and effectiveness for facilitating more “transactional” communications. But for topics and tasks that require more social finesse – like asking for help, pitching a new idea, or discussing problems – face-to-face interaction still rules the day.
This explains e-mail’s ubiquity and its staying power. It’s quite elegant, really; tt does what it needs to do – communicating quickly and efficiency without unnecessary complications.
E-mail enables both send and receive to communicate on their respective timelines, without disruption.
It provides an archival record of communication (just ask Wikileaks).
It’s fully integrated into people’s work flows.
This last point helps explain why so many “alternative” communication methods fail to catch on in a major way. The next time you hear of some start-up enterprise promising to abolish the inbox, take it with a big grain of salt.
History and logic would suggest that something, someday would overtake e-mail and make it obsolete. After all, in the 50 years since e-mail has been with us, we’ve see all sorts of other communications tools lose their luster – think VCRs, FAX machines, tape decks, QR codes, and information on CD-ROM.
But e-mail may be the exception. It’s pretty amazing how something that’s changed so little over the decades is still such an integral part of our communications.
More findings from the 2017 Adobe survey are summarized here.
There are a growing number of reasons why more marketers these days are referring to the largest social media platform as “Fakebook.”
Back last year, it came to light that Facebook’s video view volumes were being significantly overstated – and the outcry was big enough that the famously tightly controlled social platform finally agreed to submit its metrics reporting to outside oversight.
To be sure, that decision was “helped along” by certain big brands threatening to significantly cut back their Facebook advertising or cease it altogether.
Now comes another interesting wrinkle. According to Facebook’s statistics, the social network claims it can reach millions of Americans across several important age demographics, as follows:
18-24 year-olds: ~41 million people
25-34 year-olds: ~60 million people
35-49 year-olds: ~61 million people
There’s one slight problem with these stats: U.S. Census Bureau data indicates that the total number of people living in the United States falling in the 18-49 age grouping is 137 million.
That’s a substantially lower figure than the 162 million people counted by Facebook – 25 million (18%) smaller, to be precise.
What could be the reason(s) for the overcount? As reported by Business Insider journalist Alex Heath, a Facebook spokesperson has attributed the “over-counting” to foreign tourists engaging with Facebook’s platform while they’re in the United States.
That seems like a pretty lame explanation – particularly since U.S. tourism outside the country is a reciprocal activity that likely cancels out foreign tourism.
There’s also the fact that there are multiple Facebook accounts maintained by some people. But it stretches credulity to think that multiple accounts explain more than a small portion of the differential.
Facebook rightly points out that its audience reach stats are designed to estimate how many people in a given geographic area are eligible to see an ad that a business might choose to run, and that this projected reach has no bearing on the actual delivery and billing of ads in a campaign.
In other words, the advertising would be reaching “real” people in any case.
Still, such discrepancies aren’t good to have in an environment where many marketers already believe that social media advertising promises more than it actually delivers. After all, “reality check” information like this is just a click away in cyberspace …
Sparring over the guarantees and limits of free speech seems to be growing rather than abating.
How controversial? The advertising rejected by the Washington Metropolitan Area Transit Authority as being too political for public display.
The most recent indication of just how much confusion there is on the topic of free speech comes in the form of a recently filed lawsuit brought by the American Civil Liberties Union against the Washington Metropolitan Area Transit Authority (WMATA) – a public agency popularly known as the DC Metro.
The issue sparking the lawsuit related to a number of ads which the WMATA refused to display due to concerns over the advertising content being “too political for public display.”
Countering WMATA’s efforts to avoid “offending” its customers, the ACLU chose to sue on behalf of itself as well as three companies and organizations that includes:
Carafem – a healthcare network specializing in birth control and medication abortion
Milo Worldwide, LLC – the corporate entity behind the libertarian political advocate and “extreme commentator” Milo Yiannopolous
PETA Foundation(aka FSAP – Foundation to Support Animal Protection) – an animal rights/welfare organization
The lawsuit claims that WMATA refused to display advertising from these organizations for fear of offending some of the people who use its transportation services.
In announcing its intention to defend itself against the ACLU suit, a WMATA spokesperson stated:
“In 2015, WMATA’s board of directors changed its advertising forum to a nonpublic forum and adopted commercial advertising guidelines that prohibit issue-oriented ads, including political, religious and advocacy ads. WMATA intends to vigorously defend its commercial advertising guidelines, which are reasonable and viewpoint-neutral.”
On the point of whether the advertising in question is “issues-oriented,” there is sharp disagreement.
Gabe Walters, manager of legislative affairs for the PETA Foundation, emphasizes that “the government cannot pick and choose who gets to speak based on their viewpoint – no matter how controversial.”
A spokesperson for Milo Yiannopoulos echoed the PETA Foundation statement: “On this issue we are united: It is not for the government to chase so-called ‘controversial’ content out of the public square.”
Considering the ads that were rejected, a case could be made that they’re hardly “controversial” on their face:
The Milo Worldwide ads featured a photo of Milo Yiannopoulos.
The Carafem ad copy stated simply “for abortion up to 10 weeks.”
The PETA ad showed a pig with the caption, “I’m ME, not MEAT. See the Individual. Go Vegan.”
The ACLU ad stated the First Amendment language verbatim.
The ACLU suit contends that none of the advertising in question negates any kind of fundamental right to free speech. Moreover, the abortion pill provided by Carafem is FDA-approved as well as accepted by the American Medical Association.
Even more problematic for the WMATA’s defense, at the same time the agency was rejecting the PETA ad, it approved one from Chipotle promoting a menu item made with pork.
The only difference between them according to the ACLU? The Chipotle ad sends the message that it’s good to eat pork, whereas the PETA ad says the opposite.
Looking at the contours of the lawsuit and the facts of the case, I think the WMATA defense is on pretty shaky ground, and for this reason, I’m pretty sure that the ACLU lawsuit is going to succeed.
Indeed, it’s somewhat distressing that such a suit had to be filed at all, because its point is the First Amendment and what it’s all about: protecting everyone’s speech.
That people are having to re-litigate the issue of free speech in 2017 speaks volumes about the level of confusion that has been introduced into the public sphere in decent years.
In a written statement, the company complained that what was originally designed to “serve as a forum for thoughtful and intelligent debate that would allow our global audience to engage with one another” had devolved into a free-for-all, with the comments sections “hijacked by users hiding behind pseudonyms spewing vitriol, bigotry, racism and sectarianism.”
“The possibility of having any form of debate was virtually nonexistent,” the al-Jazeera statement added – as if any further explanation for their action was needed.
I have a comment of my own in response to al-Jazeera: “Welcome to reality.”
Al-Jazeera is hardly an innocuous website in cyberspace. It reports on some of the most explosive developments affecting the most volatile regions of the world. Considering the sparring parties in these never-ending conflicts, complaining about “sectarianism” is almost laughable.
Is there a more “sectarian” group of people on the face of the earth than those who are exorcised about the inhabitants of the Middle East – or of Muslims, Christians and Jews in general? I don’t know of any.
As for the comments section being a repository of derision and hate, how is anyone surprised? What other result could one expect – especially since there was little or no attempt by al-Jazeera personnel to moderate the comments section?
The fact is, unmoderated comments sections that also allow for poster anonymity are a blanket invitation for “the inmates running the asylum.” Comments that are left in these “anything’s allowed” forums chase the well-intentioned participants away – and fast.
On the other hand, I’ve found plenty of well-moderated forums and comments sections that are as valuable as the underlying articles themselves.
That doesn’t happen all by itself, of course. Good moderation takes effective policies – requiring commentators to identify themselves for a start. It also requires an ever-watchful eye.
Evidently, al-Jazeera and others like them found the not-insignificant effort required to perform this degree of moderation to be unworthy of their time or financial resources. And as a result, their forums became worthless.
Over the past decade or so, consumers have been faced with basically two options regarding unwanted e-mail that comes into their often-groaning inboxes. And neither one seems particularly effective.
One option is to unsubscribe to unwanted e-mails. But many experts caution against doing this, claiming that it risks getting even more spam e-mail instead of stopping the delivery of unwanted mail. Or it could be even worse, in that clicking on the unsubscribe box might risk something even more nefarious happening on their computer.
On the other hand, ignoring junk e-mail or sending it to the spam folder doesn’t seem to be a very effective response, either. Both Google and Microsoft are famously ineffective in determining which e-mails actually constitute “spam.” It isn’t uncommon that e-mail replies to the personal who originated the discussion get sent to the spam folder.
How can that be? Google and Microsoft might not even know the answer (and even if they did, they’re not saying a whole lot about how those determinations are made).
Even more irritating – at least for me personally – are finding that far too many e-mails from colleagues in my own company are being sent to spam – and the e-mails in question don’t even contain attachments.
How are consumers handling the crossed signals being telegraphed about how to handle spam e-mail? A recent survey conducted by digital marketing firm Adestra has found that nearly three-fourths of consumers are using the unsubscribe button – and that figure has increased from two-thirds of respondents in the 2016 survey.
What this result tells us is that the unsubscribe button may be working more times than not. If that means that the unwanted e-mails stop arriving, then that’s a small victory for the consumer.
[To access the a summary report of Adestra’s 2017 field research, click here.]
What’s been your personal experience with employing “ignore” versus “unsubscribe” strategies? Please share your thoughts with other readers.
While public perceptions of “greedy businesspeople” have always been part of the sociological landscape, over the years opinions about family businesses have tended to be more forgiving.
Nones Notes 