Target as Target
After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.
However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.
In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.
Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.
“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.
Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.
“I would still say it’s so much better to get it right the first time,” he said.
Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.
Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.
In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”
A key turning point came on Jan.13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction:
Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”
Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.
“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.
Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.
Other positive steps include Target’s $5 million investment in cyber security education said Michael Soza, a partner in accounting and consulting firm BDO.
“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.
As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.
But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.
“Those are the ones where the trust has really been lost,” Korschun said.
Schooling the NFL in Reputation Management
Back in the dark ages before the Internet, players on the gridiron were expected to play brutally hard for fans who sat through sometimes equally brutal weather.
Advertisers targeted the demographic with beer and pickup trucks, and paid enough for the privilege to enrich television networks, team owners and the tax-exempt league organization.
Football was entertainment for many, and a religion for many more. Winning was everything — a cultural obsession that over time sustained a range of abusive practices.
In 2009, Eric Olson, senior vice president at BSR, a social responsibility consultancy, warned that “hyper-transparency” enabled by the Internet would change the boundaries used to assess a company’s scope of control, and its degree of accountability and responsibility.
Football’s first major media sensation along these lines was the 2011 Penn State football coach child sex abuse scandal. It was a warning shot for the professional league. In rapid succession, stakeholders have made it clear to the NFL that the intangibles of quality, safety, and ethics on and off the field must now be intrinsic to the sport.
Two years ago, after labor issues simmered all summer between the league and its referees, a Monday night game between Seattle and Green Bay was marred by a disputed touchdown call by substitute referees.
Fans were livid. Vikings punter Chris Kluwe wrote that the NFL’s reputation “is tarnishing faster than a sailor’s virtue in a two-dollar whorehouse.”
“These refs are not fit to stand in for the men you’ve locked out for what is increasingly looking like nothing more than simple greed—attempting to squeeze blood from a stone simply because you can,” Kluwe wrote to NFL Commissioner Roger Goodell in an open letter.
In rapid succession, stakeholders have made it clear to the NFL that the intangibles of quality, safety, and ethics on and off the field must now be intrinsic to the sport.
Last year, the NFL agreed to pay $765 million to settle hundreds of cases accusing it of hiding information about the dangers of concussions, naively hoping that fans would refocus on the players and the games that make the sport a national obsession.
But to the NFL’s stakeholders, the game no longer exists in a vacuum.
The current reputation scandal centers on domestic violence. Stories and videos of beatings are illustrating graphically the meaning of hyper-transparency. Hannah Storm, anchor of ESPN’s SportsCenter, closed her review of the weekend NFL games in September by questioning if the league she enjoys actually cares about female fans, families, or the issue of domestic violence.
“What exactly does the NFL stand for?” she asked rhetorically at the end of the Monday morning program.
Storm could have been channeling The Walt Disney Company, which owns ESPN. In the age of hyper-transparency, stakeholder expectations have never been higher, and tolerance for errors has never been lower – disappoint them and they will punish you.
In the entertainment business Disney know so well, managing reputation is a business imperative.
A New Dawn in Civil Construction Underwriting
Pennsylvania school children know the tunnels on the Pennsylvania Turnpike by name — Blue Mountain, Kittatinny, Tuscarora, and Allegheny.
San Francisco owes much of its allure to the Golden Gate Bridge. The Delaware Memorial Bridge commemorates our fallen soldiers.
Our public sector infrastructure is much more than its function as a path for trucks and automobiles. It is part of our national and regional identity.
Yet it’s widely known that much of our infrastructure is inadequate. Given the number of structures designated as substandard, the task ahead is substantial.
The Civil Construction projects that can meet these challenges, however, carry a unique set of risks compared to other forms of construction.
“The bottom line is that there is always risk in a Civil Construction project. If the parties involved don’t understand what risk they carry, then the chances are there are going to be some problems, and the insurers would ideally like to understand the potential for these problems in advance.”
– Paul Hampshire, Vice President – Civil Construction, LIU
The good news is that recent developments in construction standards and risk management techniques provide a solid foundation for the type and risk allocation of Civil Construction projects they are underwriting. Carriers need to be able to adequately assess the client and design and construction teams that are involved.
For Builder’s Risk Programs, a successful approach prioritizes a focus on four key factors. These factors are looked at not only during the underwriting phase of the project but also in the all-important site construction phase, under the umbrella of a Risk Management Program, or RMP.
Four key factors
Four key factors that LIU focuses on in underwriting and providing risk management services on a Civil Construction project include:
1. Resource knowledge and experience: When creating a coverage plan, carriers work to understand who is delivering the project and how well suited key staff members are to addressing the project’s technical and management challenges. Research has shown that the knowledge and experience of those key players, combined with their ability to communicate effectively, is a big factor in the project’s success.
“We look to understand who is delivering a project, their expertise and experience in delivering projects of similar technical complexity in similar working conditions, even down to looking at the resumés of people in key positions,” said Paul Hampshire, Houston-based Vice President with Liberty International Underwriters.
2. Ground conditions and water: Soil and rock composition, the influence of ground and surface water, and foundation stability are key additional considerations in the construction of bridges, tunnels, and transit systems. If a suitable level of relevant ground (geotechnical) investigation and study has not been undertaken, or the results of such work not clearly interpreted, then it’s a red flag to underwriters, who would then question whether the project risk profile has been adequately evaluated and risks clearly and transparently allocated via suitable contract conditions.
“As we all know, ground is very rarely a homogenous element within Civil Construction projects,” LIU’s Hampshire said.
“It tends to vary from any proposed geotechnical baseline specification with the consequential potential for changes in behavior during construction. We need to understand who has assessed the condition of the ground, its behavior and design parameters when compared with a particular method of construction, and all importantly, who has been allocated the ground risk in a project and the upfront mechanisms for contractual ground risk sharing, if applicable,” he said.
Knowing how much water is associated with the in-situ ground conditions as well as the intensity, distribution and adequate accommodation (both in the temporary as well as in the permanent project configurations) of rainfall for a site location and topography are also key. Tunneling projects, for example, can be hampered by the presence of too much or unforeseen quantities of groundwater.
“In major tunneling infrastructure projects, the influence of in-situ groundwater pressures and /or water inflows is a major factor when considering the choice of excavation method and sequence as well as tunnel lining design requirements,” LIU’s Hampshire said.
According to a recent article in Risk & Insurance, tunneling under a body of water is one of the most challenging risk engineering feats. Adequate drainage layouts and their installation sequence for highway projects and, in particular, the protection of sub-grade works are also important. “But under all circumstances, we need to understand how the water conditions have been evaluated,” Hampshire said.
3. Technical Challenges: This risk factor encompasses the assessment of the technical novelty or prototypical nature of the project (or more often, specific elements of it) and how well the previously demonstrated experience of both the design and construction teams aligns with the project’s technical requirements and the form of contract determined for the project. The client can choose the team, but savvy underwriters will conduct their own assessment to see how well-suited the team is to technical demands of the project.
4. Evaluation of Time and Cost: With limited information generally provided, we need to be able to verify as best as possible the adequacy of both the time and cost elements of the project. Our belief is simply that projects that are insufficient in either one or both of these elements potentially pose an increased risk, as the construction consortium tries to compensate for these deficiencies during construction.
Small diameter Tunnel Boring Machine designed for mixed ground conditions and water pressures in excess of 2.5 bar.
In the 1990s and early years of this millennium, a series of high-profile tunnel failures across the globe resulted in major losses for Civil Construction underwriters and their insureds.
In the early 2000s, both the tunnel and insurance industries worked together to create new standards for high-risk tunneling projects.
A Code of Practice for the Risk Management of Tunnel Works (TCoP) is increasingly relied on by project managers and underwriters to define the best practices in tunnel construction projects. This process ideally starts at project inception (conceptual design stage or equivalent) and continues to the hand-over of the completed project.
LIU’s Hampshire said alongside TCoP, the project-specific Geotechnical Baseline Report and its interpretation and reference within the project contract conditions gives the underwriter greater clarity as to who recognizes and carries the ground risk and how it’s allocated.
“The bottom line is that there is always risk in a Civil Construction project,” Hampshire said. “Is the risk transparently allocated or is it buried? If the parties involved don’t understand what risk they carry, then the chances are there are going to be some problems, and the insurers would ideally like to understand the potential for these problems in advance,” Hampshire said.
Paul Hampshire can be reached at Paul.Hampshire@libertyiu.com.
To learn more about how Liberty International Underwriters can help you conduct a Civil Construction risk assessment before your next project, contact your broker.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty International Underwriters. The editorial staff of Risk & Insurance had no role in its preparation.