Technology > Tech Biz
When security disaster strikes
Softbank and Wells Fargo set exemplary customer service examples after a security breach.
March 4, 2004: 1:49 PM EST
By Eric Hellweg, CNN/Money contributing columnist

Sign up for the Tech Biz e-mail newsletter

SAN FRANCISCO (CNN/Money) - Online data security breaches don't make headlines every day, but they happen often enough to keep some consumers wary of making online purchases, others of banking online, and still others of giving their personal health information to online medical sites.

Consider this: In a 1999 poll conducted by Harris Interactive, nearly 30 percent of respondents said online privacy and data security weren't a concern for them; by 2002, that number had shrunk to 10 percent. The other 90 percent were somewhat to very concerned.

Given the wide range of corporations' responses to online data security breaches, it's easy to see why the majority of people are concerned about privacy. Put simply, very few companies react to data breaches in ways that satisfy consumers' fears that disaster could strike again.

Security on the mind

"It's definitely something consumers think about," says Patty Freeman-Evans, an analyst with Jupiter Research. According to Freeman-Evans, 25 percent of those who don't shop online say security concerns are the reason they don't. She says that number has decreased but is obviously still significant.

Recently in Tech Biz
Mouse trap?
Scoop up chips on the dip?
Cutting the cord

"Consumers in general are much more concerned about privacy and data security than they used to be," says Gartner Research vice president Richard Hunter.

Now, almost 10 years into the Internet economy's existence, we have a pretty wide selection of security breaches to observe. Some companies' reactions have been strong; others, not so good.

Let's start with an example of a not-so-good response. Microsoft is under a near-constant deluge of security threats; it's just about the biggest target out there. Granted, it spends the bulk of its $6 billion R&D budget on security-related projects, but its efforts, particularly in the area of public relations, are unimpressive.

The company simply demands far too much of its users, calling on them to constantly check for security patch updates and implement those patches across the enterprise to make sure everyone is up to date. It's as if Microsoft reacts to each new breach by throwing its hands up in the air.

While Redmond stumbles in its efforts to comfort its customers and remedy the situation when things go awry, other companies have shown admirable dexterity in navigating the complicated path of security-disaster recovery.

Healing the breaches

At the end of 2003, Wells Fargo experienced an enormous security breach when thieves absconded with computers containing customers' personal information. The bank contacted all the affected customers, set up new accounts for them, paid for them to access their credit reports, and bought each a year's membership in Privacy Guard -- "[making] sure people who were breached wouldn't be additionally harmed" by identity thefts going unchecked, Hunter says.

Follow the news that matters to you. Create your own alert to be notified on topics you're interested in.

Or, visit Popular Alerts for suggestions.

Softbank, the Japanese Internet company, employed a more extreme -- but in my opinion very effective -- tactic last week. President Masayoshi Son announced that as a result of the theft of 4.5 million broadband customers' personal data, he and six of his top executives would go without pay for the next six months.

"For the president of the company and his executive colleagues to take personal responsibility is refreshing," Hunter says.

The company's stock price reflected the public's appreciation of Son's gesture, jumping 7 percent on the no-pay announcement, after having declined 11 percent when the breach was revealed.

Learning from the past

So now, 22 years after Johnson & Johnson wrote the playbook on corporate response to unforeseen disaster with the way it handled the Tylenol tampering crisis, some of that tragedy's lessons still hold true: Own the problem immediately. Make reparations immediately. If appropriate, punish the people in charge.

And while the Tylenol case is a useful guide, we need a new one for 2004 and beyond, one that will help companies navigate the new challenges and dangers that lurk in the networked universe. Companies such as Wells Fargo and Softbank show that they get it. Microsoft and many others demonstrate that they don't.

Sign up to receive the Tech Investor column by e-mail.

Plus, see more tech commentary and get the latest tech news.  Top of page

American media keeps falling for Russian trolls
Xiaomi wants to raise over $6 billion in Hong Kong IPO
Etsy sellers confront unknowns after Supreme Court ruling
The health care industry needs workers. So it's turning to former factory and retail workers
Xiaomi wants to raise over $6 billion in Hong Kong IPO
Toyota updates the Century, car of choice for Japan's elites

graphic graphic