When companies and brands take a stand on “issues,” here’s a quick way to weigh the potential implications.

In recent years, companies and brands have found it increasingly difficult to navigate the PR waters in a politically polarized environment.

On the one hand, companies want to be seen as progressive and inclusive organizations.  On the other, there is concern about coming off as too controversial.

The environment is about as toxic as it’s ever been. In the “good old days,” companies were able to merrily avoid controversy by supporting universally agreed-upon “benign” causes.  But whereas in the 1970s or 1980s, celebrating Christmas or financially supporting the city’s symphony orchestra or fine art gallery was never faulted, today the situation is different.

Acknowledging a religious holiday risks criticism about offending non-believers or shortchanging people of other spiritual faiths. And dishing out dollars in support of “high culture” invites barbs about the need to divert those resources to more “socially woke” initiatives and away from “high culture” pursuits that speak to only a small slice of the general public.

The recent controversy with Nike and its Colin Kaepernick-inspired “Just Do It” campaign is another case in point. It may be a bit of a coin toss, but the conventional view is that Nike’s campaign was, on balance, a modest victory for the company in that more of the public was favorably disposed to it than put off by it.  And after a momentary dip in Nike’s share price, the stock recovered and ended up higher.

Less successful was Target’s move to direct its employees to forego wishing customers “Merry Christmas,” and instead use the more generic “Happy Holidays” greeting. Target decided to be “out front” with this issue compared to competitors like Wal-Mart.  But after several years of gamely attempting to enforce this guideline in the wake of negative customer reaction and a barrage of bad press on the talk shows, Target finally relented, quietly reverting to the traditional Xmas greeting.

Simply put, in the current cultural environment there are more risk-and-reward issues for brands than ever — and what actually happens as a result is often unpredictable.

And yet … surveys show that many consumers want brands to take overt stands on hot-button issues of the day.  Sometimes brands are just as criticized for not taking a stand on those very same hot-button issues — such as whether to adopt gun-free zones in office and retail spaces or deciding what kind of gun-related merchandise will be prohibited from being sold in their stores.

To deal with this increasingly gnarly challenge, recently the marketing technology company 4C Insights developed a “decision tree” exercise that’s elegantly simple. It’s a great “back of the napkin” way for a company to weigh the potential upside and downside factors of taking a stand on a socio-political issue that could potentially impact product sales, corporate reputation, or the company’s share price.

Here’s the 4C Insights cheat-sheet:

To my mind, the 4C Insights decision tree can be applied equally well to weighing a potentially controversial social or cultural issue in addition to a political one.

Indeed, it should be a ready-reference for any PR and marketing professional to pull out whenever issues of this kind come up for discussion.

In this environment, my guess is that it would be referenced quite frequently.

Suddenly, GoPro isn’t so “Go-Go” …

untitled2Most likely, I’ll never be a GoPro customer.

The only direct interaction I’ve had with the maker of action cameras was several years ago during the Great Target Credit Card Breach of 2013, when suddenly a half-dozen GoPro purchases mysteriously appeared on my card statement.

But other than that, my connection with GoPro and its line of cameras has been nonexistent — which isn’t at all surprising considering that at my age, I’m hardly an “action adventurer.”

Unfortunately for GoPro, many other people aren’t, either – and it’s one reason why the company’s financial results have been pretty ugly coming off of the most recent holiday season.

This past week, GoPro announced that it is cutting nearly 10% of its workforce (more than 100 people) because of weak sales during the 4th Quarter.

In a holiday quarter when product purchases should have grown revenues considerably, the weaker-than-expected sales volume of ~$435 million meant that GoPro’s revenues were far short of the $510 million originally projected.

From the financial market’s perspective, this news was sufficiently negative that trading of GoPro shares had to be halted briefly this past Wednesday.

untitled
GoPro shares over the past six months.

The company promises to divulge more information about its financial results in early February, but some observers are already beginning to paint the picture of what’s out of kilter:

  • GoPro misjudged the price consumers were willing to pay for its Hero4 Session cube cam, introduced in July 2015, resulting in two dramatic drops of the sticker price in September and December down to $199. 
  • Competitors are entering the field, putting further downward pressure on pricing. 
  • There’s a ceiling on the demand for action cameras because “action adventurer” consumers are such a small slice of the general population.

But does any of this come as a particular surprise?

Like in any other consumer electronics product category, the trajectory of high growth among early adopters leads to new market entrants, followed by the hardware becoming essentially a commodity.

… And the whole process is as swift as it is inevitable.

GoPro is branching into newer segments like camera drones — and not a moment too soon. But the reality is that in a product segment like action cameras, any supplier will always be just one step ahead of commoditization.  And for this reason, product mix reinvention has to be happening continuously.

Have we become too complacent about cyber-security threats?

cyber warfareThe scandal involving the security risk to U.S. State Department e-mails is just the latest in a long list of news items that are bringing the potential dangers of cyber-hacking into focus.

But of course, we’ve seen it before — and it involves far more than just “potential” risk.  From Target, Best Buy and other retailers to Ashley Madison customer profiles, IRS taxpayer information and the U.S. government’s personnel records, the drumbeat of cyber-security threats that’s turned out to be all-too-real is persistent and ongoing.

In the realm of marketing and public relations, recent breaches of PR Newswire and Business Wire data gave hackers access to pre-release earnings and financial reports that have been used to enrich nefarious insider traders around the world to the tune of $100 million or more in ill-gotten gains.

These and other events are occurring so regularly, it seems that people have become numb to them.  Every time one of these news items breaks, Instead of sparking outrage, it’s a yawner.

But Jane LeClair, COO of the National Cybersecurity Institute at Excelsior College, is pleading for an organized effort to thwart the continuing efforts — one of which could end up being the dreaded “Cyber Pearl Harbor” that she and other experts have warned us about for years.

“We certainly can’t go on this way — waiting for the next biggest shoe to drop when hundreds of millions — perhaps billions — will be looted from institutions … It’s time we stopped making individual efforts to build cyber defenses and started making a collective effort to defeat … the bad actors that have kept us at their mercy,” LeClair contends.

I think that’s easier said than done.

Just considering what happened with the newswire services is enough to raise a whole bevy of questions:

  • Financial reports awaiting public release were stored on the newswires’ servers … but what precautions were taken to protect the data?
  • How well was the data encrypted?
  • What was the firewall protection? Software protection?
  • What sort of intruder detection software was installed?
  • Who at the newswire services had access to the data?
  • Were the principles of “least privilege access” utilized?
  • How robust were the password provisions?

In the case of the newswire services, the bottom-line explanation appears to be that human error caused the breaches to happen.  The attackers used social engineering techniques to “bluff” their way into the systems.

Mining innocuous data from social media sites enabled the attackers to leverage their way into the system … and then use brute force software to figure out passwords.

Once armed with the passwords, it was then easy to navigate the servers, investigating e-mails and collecting the relevant data. The resulting insider trading transactions, made before the financial news hit the streets, vacuumed up millions of dollars for the perpetrators.

Now the newswire services are stuck with the unenviable task of attempting to “reverse engineer” what was done — to figure out exactly how the systems were infiltrated, what data was taken, and whether malicious computer code was embedded to facilitate future breaches.

Of course, those actions seem a bit like closing the barn door after the cows have left.

I, for one, don’t have solutions to the hacking problem. We can only have faith in the experts inside and outside the government for determining those answers and acting on them.

But considering what’s transpired in the past few months and years, that isn’t a particularly reassuring thought.

Would anyone else care to weigh in on this topic and on effective approaches to face it head-on?

Data breaches: Target is just the tip of the iceberg.

Target data breachI’m sure we aren’t the only family who’s had to suffer through the aftershocks of Target’s infamous Great Thanksgiving Weekend Data Breach that occurred in late 2013.

According to news reports, as many as 40 million Target credit cards were exposed to fraud by the data breach.  And as it turns out, the initial reports of nefarious doings were just the beginning.

Even after being given a new credit card number, my family has had to endure seemingly endless rounds of “collateral damage” for more than a year since, as Target’s very skittish credit card unit staff members have placed card-holds at the drop of a hat … initiated phone calls to us at all hours of the day … and asked for confirmations (and reconfirmations) of merchandise charges.

Often, these unwelcome communications have occurred on out-of-town trips or whenever someone in the family has attempted to make an innocuous online purchase from a vendor based overseas.

It’s been altogether rather icky — in addition to being a royal pain in the you-know-where.

But our experience has hardly been unique.  Consider these scary figures when it comes to data breaches that are happening with businesses:

  • On average, it takes nearly 100 days to detect a data breach at financial firms. 
  • It takes nearly 200 days to do so at retail establishments.

Those unwelcome stats come to us courtesy of a multi-country survey of ~1,500 IT professionals in the retail and financial sectors.  The study was conducted by the Ponemon Institute on behalf of network security and software firm Arbor Networks.

The next piece of unsettling news is that, even with the long “dwell” times of these data breaches, the IT professionals surveyed aren’t optimistic at all that the situation will improve over the coming year.  (Nearly 60% of those working in the financial sector aren’t optimistic, as do a whopping ~70% in retail.)

It’s doubly concerning because companies in these sectors are such obvious targets for hack attacks.  The reason is simple:  The amount and degree of customer data stored by companies in these sectors is highly valuable on the black market — thereby commanding high prices.

It makes it all the more lucrative for unscrupulous people to make relentless attempts to hack into the systems and extract whatever data they can.  IT respondents at ~83% of the financial companies reported that they suffer more than 50 such attacks in a given month, as do respondents at ~44% of the retail firms.

The impact on companies isn’t trivial, either.  Another study released jointly just last week by Ponemon and IBM, based on an evaluation of ~350 companies worldwide, finds that the average data breach costs nearly $160 for each lost or stolen record.  And that’s up over 6% from a year ago.  (The Target breach cost substantially more on a per-record basis, incidentally.  And for healthcare organizations, the average cost is well over $350 per record.)

dbWhat can be done to stem the endless flood of data breach attacks?  The respondents to this survey put the most faith in technology that monitors networks and traffic to stop or at least minimize these so-called advanced persistent threats (APTs).  More companies have been implementing formalized incident response procedures, too.

As Dr. Larry Ponemon, chairman of the Ponemon Institute has stated, “The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable.”

Clearly, more investment in security tools and operations would be advisable.

Anyone else care to weigh in with opinions?