April 9, 2015
Case Study #2
Organization in Crisis:
Sony Pictures Entertainment, an American entertainment platform branched off of Japanese multinational technology. This company is run by CEO Thomas Rothman, and was founded in 1991.
Brief Situation Summary:
After years of creating and distributing films to consumers, Sony became subject to hacking as of Monday, November 24th. Shortly after the cyber attack started, a group referred to as “Guardians of Peace” took full responsibility for the hacking. They proceeded to blackmail the company, claiming they had acquired all of Sony’s internal information, and they were ready to send it public if Sony did not follow their instructions. The next couple of days were filled with numerous statement releases by Sony’s spokesperson Jean Guerin, as well as the appearance of new Sony films on popular websites. On November 29th, the organization discovered a connection between their cyber attackers and North Korea. After further investigation it was found that North Korea was outraged by the upcoming film, “The Interview,” which contained a plot line about the assassination of Kim Myong-Chol. The next two weeks were filled with constant movie leaks, salary revelations, and consistent threats to the United States if they were to show “The Interview” in movie theaters. North Korea denied any involvement in the crisis, but applauded the hackers for their work. On December 16th and 17th, all premieres for the film were cancelled in order to protect the public (Barleet). Sony had no pre crisis plan for a hacking situation, therefore the crisis got out of control. The film was later available online for purchase.
The people most affected by this crisis are the employees of Sony, primary and secondary stakeholders, and the crew of the despised film. These publics were impacted the most, because their salaries and conversations were being exposed to the public. The crew of “The Interview,” were also directly impacted because their film was being threatened to be taken off the screens of cinemas nationally, which would result in a significant loss of funds. Because this crisis was international, Sony needed to implement risk management by using the tactic of employee relations, to keep their internal communication open. The publics who were peripherally affected were the consumers and movie theaters around the United States. Consumers were affected because they lost the money they invested in a ticket to the film, and they no longer felt safe attending a movie theater. Cinemas took the impact of the threats in a significant loss of paying customers, and the lack of money brought in due to the cancellation of the film. Each public was affected in a personal way, and Sony had to recognize each group individually.
This crisis initially made Sony look weak as an organization to the public. Sony was being taken advantage of and controlled, and they adhered to everything the hackers were asking. The Chief Executive of Sony, Michael Lynton, defended the organization by stating the public was blind to what was actually going on (Mullen). He also reminded the public that Sony had nothing to do with the decisions made by movie theaters nationally. Lynton did the right thing speaking out to the media, because it made the company more credible throughout their reputation repair. This crisis also directly impacted everyone involved in the making of the film, therefore Sony had to cooperate and adhere to their needs. Regardless of the threats from the Guardians of Peace, Sony explored multiple options regarding distribution of “The Interview.” The fact that Sony stood up to the hackers with their clients in mind showed that Sony conducted business for the right reasons. This crisis impacted Sony in a more negative way initially, but when the crisis was handled in an admirable way, it reflected on the organization more positively.
Sony did a good job at fighting the crisis appropriately, and keeping their publics calm throughout the situation. The organization’s issues management considered the cyber attack as a high impact, high urgency crisis, which gave the situation the necessary attention from the internal crisis team. After the hack began, the company banned all staff from using the computers until there was more information as to what was happening. The next day Sony made sure to have an official spokesperson release a statement about the crisis, and used the strategy of dissociation, because Sony was not at fault for getting hacked. Sony spent the next few weeks trying to get their publics to understand the position they were being put in, by trying to reduce offensiveness towards their strategies. When the organization heard about the pull of the film from theaters, it was expressed how “deeply saddened” the company was (Barleet). The combination of Sony’s actions post crisis led them to exemplify a reactive strategy. Sony used the strategy of vocal commiseration in which they did not admit fault, but they sympathized with it’s publics.
Strategy Reasoning and Critique:
After researching this crisis, I do not find Sony completely at fault for being hacked by the Guardians of Peace. It is apparent Sony used the strategies above to show the public that they had been victimized, and they were taking the necessary steps to fix the problem. I believe Sony did a good job of communicating with the media rather than stay silent, and it made the organization more trustworthy in the eyes of the public. The organization also did a good job of making a compromise in the light of a bad situation, by selling the film online. Selling “The Interview” online ensured that the movie could still gain profit, and the threats didn’t completely ruin the film sales. Sony could have improved on their signal detection, however, because the film’s main plot line is so harsh. The organization should have been more prepared for an outburst from groups who support Kim Myong-Chol.
To fight the crisis head on, and prevent other crises from happening in the future, I would prepare the organization for situations such as a cyber attack ahead of time. Sony’s risk management wasn’t developed enough to predict how North Korea and other groups may react to the main focus of the film. While cyber attacks are difficult to predict and fight, Sony didn’t discover the link between the hackers and North Korea until five days after the crisis began. During that time nothing significant was being accomplished, and the organization as well as it’s publics were being impacted heavily. Sony could have also had a more offensive response to the cyber attackers, the organization focused more on fighting them internally than publicly. If Sony would have addressed them in a more public way, the organization’s publics might have been more compliant with what Sony was trying to accomplish. With proper planning and stronger responses regarding the hackers, Sony would have had an easier time getting others to understand the organizations’ perspective of the crisis.
Mullen, Jethro. “Sony Hack and North Korea: The War of Words Escalates – CNN.com.” CNN. Cable News Network, 22 Dec. 2014. Web. 08 Apr. 2015. <http://www.cnn.com/2014/12/22/world/asia/north-korea-us-sony-hack-who-says-what/>.
Barleet, Larry. “The Sony Hacking Crisis: Timeline.” The Sony Hacking Crisis: Timeline. Media Business Insight, 24 Nov. 2014. Web. 08 Apr. 2015. <http://www.screendaily.com/news/distribution/the-sony-hacking-crisis-timeline/5081017.article>.