Target as Target
After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.
However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.
In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.
Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.
“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.
Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.
“I would still say it’s so much better to get it right the first time,” he said.
Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.
Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.
In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”
A key turning point came on Jan.13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction:
Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”
Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.
“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.
Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.
Other positive steps include Target’s $5 million investment in cyber security education said Michael Soza, a partner in accounting and consulting firm BDO.
“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.
As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.
But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.
“Those are the ones where the trust has really been lost,” Korschun said.
“If By Compensation…”
In 1952, Noah Sweat, Jr. a lawmaker from the then-dry state of Mississippi found himself explaining his position on whiskey to an audience of pro- and anti-prohibitionists. His speech, known today as “if by whiskey,” cheered both sides.
“If when you say whiskey you mean the devil’s brew, the poison scourge, the bloody monster, that defiles innocence… I am against it.”
“But, if when you say whiskey you mean the oil of conversation, the philosophic wine, the ale that is consumed when good fellows get together … I am for it.”
General Motors CEO Mary Barra faced a similar challenge developing the company’s compensation strategy for victims of its faulty ignition switches.
Customers expected GM to fully compensate victims, and capital providers expected GM to protect assets from litigation and compensation funds: One of GM’s major stakeholders was bound to be disappointed.
Barra’s move was to leverage the reputation of Kenneth Feinberg to help restore GM’s reputation with both sides. Kenneth Feinberg’s reputation makes the “if by whiskey” approach to GM’s compensation strategy possible.
Feinberg has been pivotal in resolving many of our nation’s most challenging and widely known compensation matters.
GM customers and victims are warmed by Feinberg’s experience directing the September 11th Victim Compensation Fund. Working pro bono, he spent three years meeting with families and calculating claim awards. Feinberg also handled compensation issues for the Virginia Tech shooting and the Boston Marathon bombing.
Barra’s move was to leverage the reputation of Kenneth Feinberg to help restore GM’s reputation with both sides.
GM’s stakeholders breathe easier knowing that Feinberg, as administrator of BP’s $20 billion fund to compensate victims of the Deepwater Horizon disaster, carefully manned the funding spigot.
Almost one year after the spill began, he had paid only 168,000 claimants out of more than 490,000 people who had filed. Feinberg explained then that 80 percent didn’t have proper documentation; the terms of the GM compensation plan similarly have strict documentation requirements.
Nor is he anti-corporatist. His firm accepted $850,000 a month from BP to administer the compensation fund, which led a New Orleans federal judge to order Feinberg to quit claiming independence from BP.
The “if by compensation” strategy is working, according to analysis published by Consensiv, the reputation controls company, based on reputation value metrics we use at Steel City Re.
The bump on the graph starts June 15th, the week Google Trends shows a steady uptake in searches for Kenneth Feinberg that accompanied an uptick in GM’s reputation metrics.
GM’s reputation premium, a measure of additional value arising from favorable stakeholder expectations, rose to the 46th percentile within its peer group, while the consensus trend, a measure of stakeholder surprise, showed an increase to 1.2 percent.
Reputation is about setting, meeting or beating expectations. Reputation restoration is about acknowledging fault, repairing the damage, and raising future standards.
Barra has been candid in exposing the faults.
Her challenge in repairing the damage was assuring customers and victims without frightening creditors and investors. By hiring Feinberg, Barra appears to have pleased both key stakeholder groups, boosting GM’s reputation.
Read all of Nir Kossovsky’s Risk Insider contributions.
Global Program Premium Allocation: Why It Matters More Than You Think
Ten years after starting her medium-sized Greek yogurt manufacturing and distribution business in Chicago, Nancy is looking to open new facilities in Frankfurt, Germany and Seoul, South Korea. She has determined the company needs to have separate insurance policies for each location. Enter “premium allocation,” the process through which insurance premiums, fees and other charges are properly allocated among participants and geographies.
Experts say that the ideal premium allocation strategy is about balance. On one hand, it needs to appropriately reflect the risk being insured. On the other, it must satisfy the client’s objectives, as well as those of regulators, local subsidiaries, insurers and brokers., Ensuring that premium allocation is done appropriately and on a timely basis can make a multinational program run much smoother for everyone.
At first blush, premium allocation for a global insurance program is hardly buzzworthy. But as with our expanding hypothetical company, accurate, equitable premium allocation is a critical starting point. All parties have a vested interest in seeing that the allocation is done correctly and efficiently.
“This rather prosaic topic affects everyone … brokers, clients and carriers. Many risk managers with global experience understand how critical it is to get the premium allocation right. But for those new to foreign markets, they may not understand the intricacies of why it matters.”
– Marty Scherzer, President of Global Risk Solutions, AIG
Basic goals of key players include:
- Buyer – corporate office: Wants to ensure that the organization is adequately covered while engineering an optimal financial structure. The optimized structure is dependent on balancing local regulatory, tax and market conditions while providing for the appropriate premium to cover the risk.
- Buyer – local offices: Needs to have justification that the internal allocations of the premium expense fairly represent the local office’s risk exposure.
- Broker: The resources that are assigned to manage the program in a local country need to be appropriately compensated. Their compensation is often determined by the premium allocated to their country. A premium allocation that does not effectively correlate to the needs of the local office has the potential to under- or over-compensate these resources.
- Insurer: Needs to satisfy regulators that oversee the insurer’s local insurance operations that the premiums are fair, reasonable and commensurate with the risks being covered.
According to Marty Scherzer, President of Global Risk Solutions at AIG, as globalization continues to drive U.S. companies of varying sizes to expand their markets beyond domestic borders, premium allocation “needs to be done appropriately and timely; delay or get it wrong and it could prove costly.”
“This rather prosaic topic affects everyone … brokers, clients and carriers,” Scherzer says. “Many risk managers with global experience understand how critical it is to get the premium allocation right. But for those new to foreign markets, they may not understand the intricacies of why it matters.”
There are four critical challenges that need to be balanced if an allocation is to satisfy all parties, he says:
Across the globe, tax rates for insurance premiums vary widely. While a company will want to structure allocations to attain its financial objectives, the methodology employed needs to be reasonable and appropriate in the eyes of the carrier, broker, insured and regulator. Similarly, and in conjunction with tax and transfer pricing considerations, companies need to make sure that their premiums properly reflect the risk in each country. Even companies with the best intentions to allocate premiums appropriately are facing greater scrutiny. To properly address this issue, Scherzer recommends that companies maintain a well documented and justifiable rationale for their premium allocation in the event of a regulatory inquiry.
Insurance regulators worldwide seek to ensure that the carriers in their countries have both the capital and the ability to pay losses. Accordingly, they don’t want a premium being allocated to their country to be too low relative to the corresponding level of risk.
Without accurate data, premium allocation can be difficult, at best. Choosing to allocate premium based on sales in a given country or in a given time period, for example, can work. But if you don’t have that data for every subsidiary in a given country, the allocation will not be accurate. The key to appropriately allocating premium is to gather the required data well in advance of the program’s inception and scrub it for accuracy.
When creating an optimal multinational insurance program, premium allocation needs to be done quickly, but accurately. Without careful attention and planning, the process can easily become derailed.
Scherzer compares it to getting a little bit off course at the beginning of a long journey. A small deviation at the outset will have a magnified effect later on, landing you even farther away from your intended destination.
Figuring it all out
AIG has created the award-winning Multinational Program Design Tool to help companies decide whether (and where) to place local policies. The tool uses information that covers more than 200 countries, and provides results after answers to a few basic questions.
This interactive tool — iPad and PC-ready — requires just 10-15 minutes to complete in one of four languages (English, Spanish, Chinese and Japanese). The tool evaluates user feedback on exposures, geographies, risk sensitivities, preferences and needs against AIG’s knowledge of local regulatory, business and market factors and trends to produce a detailed report that can be used in the next level of discussion with brokers and AIG on a global insurance strategy, including premium allocation.
“The hope is that decision-makers partner with their broker and carrier to get premium allocation done early, accurately and right the first time,” Scherzer says.
For more information about AIG and its award-winning application, visit aig.com/multinational.