Target as Target
After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.
However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.
In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.
Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.
“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.
Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.
“I would still say it’s so much better to get it right the first time,” he said.
Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.
Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.
In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”
A key turning point came on Jan.13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction:
Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”
Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.
“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.
Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.
Other positive steps include Target’s $5 million investment in cyber security education said Michael Soza, a partner in accounting and consulting firm BDO.
“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.
As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.
But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.
“Those are the ones where the trust has really been lost,” Korschun said.
Manage Expectations, Manage Reputation
The art of managing reputation risk really comes down to shaping the expectations of shareholders, customers, vendors, creditors and investors.
“Not an easy thing to do,” said Nir Kossovsky, chief executive officer, Steel City Re, speaking at the annual RIMS conference in San Diego on April 12.
“Managing expectations involves behavioral economics – shaping what people expect from you and then meeting those expectations.”
He said expectations typically revolve around six key areas: safety, ethics, quality, security, sustainability and innovation. Failing to meet any of those expectations creates vulnerability for a company, opening up an opportunity for shareholders or special interest activists to come after the board of directors as the culpable party.
Increasingly, directors and officers are the true casualties of reputation damage.
Dissatisfied customers or partners know that “the court of public opinion is much more effective than the court of law,” Kossovsky said, so they will bring allegations against the board and force a public response.
“Managing expectations involves behavioral economics – shaping what people expect from you and then meeting those expectations.” – Nir Kossovsky, chief executive officer, Steel City Re
The best way to mitigate reputation risk, then, is to proactively communicate the board’s awareness of a company’s exposures, and acknowledge its duties to deliver on expectations related to the six key areas.
“Communication is critical,” said Todd Marumoto, director of risk management, Mattel, Inc. “There needs to be some sense of a plan for how the board will respond to a reputation event.”
Without a quick response, the silence is filled by the white noise of unsubstantiated opinion, Kossovsky said. That weakens the board’s credibility.
“Facts are available without much of a down payment. Allegations brought against the board don’t necessarily have to be true and can’t always be validated.”
Conflicting expectations make reputation risk management even harder.
Customers expect, for example, near impossible standards of quality and customer service, while shareholders expect strong profit and growth, and creditors expect swift payment.
While many believe that marketing and press coverage can be the tool for the messaging needed to mold expectations through public perception, the most effective way to mitigate reputation risk is through enterprise risk management that strives for excellence, the speakers said.
In other words, expectations should be set by a company’s performance.
Kossovsky offered the example of BP, which claimed to be “beyond petroleum.”
Despite impressive initiatives to use cleaner energy, BP was still, in fact, heavily reliant on petroleum. The Deepwater Horizon spill of 2010 sparked so much anger because people expected BP to be above such environmentally dangerous accidents.
ExxonMobil, on the other hand, acknowledged to its shareholders that a spill was always a real threat, but demonstrated the steps it was taking to minimize the risk. Shareholders thus had more realistic expectations of the company and are harder to disappoint.
Presenting to the C-Suite
Risk managers can bring the importance of reputation risk to the C-suites’ attention by demonstrating its financial impact.
“Expenses could come from having to replace a vendor, from a government penalty, litigation and class action lawsuits, or having to implement a new management process,” Marumoto said.
Overall, costs associated with remediating a reputational event can be two to seven times higher than costs related to the operational failure that caused the reputation damage in the first place.
“With reputation risk, it’s not always about right or wrong, but about getting the right outcome to satisfy shareholders and customers.” — Todd Marumoto, director of risk management, Mattel, Inc.
“It affects every line item of the P&L,” Kossovsky said.
The impact on D&O effectiveness will also certainly grab senior management’s attention.
“A typical board member makes about $250,000 per year to sit on the board for a term usually of about three years, and he’s usually sitting on three different boards,” Kossovsky said.
“He’s looking at a personal loss of over $2 million” if a reputational hit leads to him being asked to step down from those boards.
According to Marumoto, risk managers can influence outcomes of a reputational event by working internally with investor relations and marketing to ensure the company is sending a consistent message, and to develop a coordinated response plan.
“Ultimately, you have to be responsible for all things that pass in front of you,” he said. “Partner with vendors you trust, be transparent in your efforts to mitigate risks, and develop relationships with government agencies.
“With reputation risk, it’s not always about right or wrong, but about getting the right outcome to satisfy shareholders and customers.”
Compounding: Is it Coming of Age?
The WC managed care market has generally viewed the treatment method of Rx compounding through the lens of its negative impact to cost for treating chronic pain without examining fully the opportunity to utilize “best practice” prescription compounds to help combat the opioid epidemic this nation faces. IPS stands on the front lines of this opioid battle every day making a difference for its clients.
After a shaky start cost-wise, prescription drug compounding is turning the corner in managing chronic pain without the risk of opioid addiction. A push from forward-thinking states and workers’ compensation PBMs who have the networks and resources to manage it is helping, too.
Prescription drug compounding has been around for more than a decade, but after a rocky start (primarily in terms of cost), compounding is finally coming into its own as an effective chronic pain management strategy – and a worthy alternative for costly and dangerous opioids – in workers’ compensation.
According to Greg Todd, CEO and founder of Integrated Prescription Solutions Inc. (IPS), a Costa Mesa, Calif.-based pharmacy benefit manager (PBM) for the workers’ compensation and disability market, one reason compounding is beginning to hit its stride is because some states have enacted laws to manage it more effectively. Another is PBMs like IPS have stepped up and are now managing compound drugs in a much more proactive manner from an oversight perspective.
By definition, compounding is a practice through which a licensed pharmacist or physician (or, in the case of an outsourcing facility, a person under the supervision of a licensed pharmacist) combines, mixes, or alters ingredients of a drug to create a medication tailored to the needs of an individual patient.
During that decade, Todd explains, opioids have filled the chronic pain management needs gap, bringing with them an enormous amount of problems as the ensuing addiction epidemic sweeping the nation resulted in the proliferation and over-consumption of opioids – at a staggering cost to both the bottom line and society at large.
As an alternative, compounded topical cream formulations also offer strong chronic pain management but have limited side effects and require much reduced dosage amounts to achieve effective tissue level penetration. In fact, they have a very low systemic absorption rate.
Bottom line, compounding provides prescribers with an excellent alternative treatment modality for chronic pain patients, both early and late stage, Todd says.
Time for Compounding Consideration
That scenario sets up the perfect argument for compounding, because for one thing, doctors are seeking a new solution, with all the pressure and scrutiny they’re receiving when trying to solve people’s chronic pain problems using opioids.
Todd explains the best news about neuropathic pain treatment using compounded topical analgesic creams is the results are outstanding, both in terms of patient satisfaction in VAS pain reduction but also in reduction potentially dangerous side effects of opioids.
The main issue with some of the early topical creams created via compounding was their high costs. In the early years, compounding, which does not require FDA approval, had little oversight or controls in place. But in the past few years, the workers compensation industry began to take notice of the solid science. At the same time, medical providers also were seeing the same science and began writing more prescriptions for compounding – which also offers them a revenue stream.
This is where oversight and rigor on the part of a PBM can make a difference, Todd says.
“You don’t let that compounded drug get dispensed when you’re going to pay for it without having a chance to approve it,” Todd says.
Education is Critical
At the same time, there is the growing, and genuine, need to start educating the doctors, helping them understand how they can really deliver quality pain management to a patient without gouging the system. A good compounding specialty pharmacy network offering tight, strict rules is fundamental, Todd says. And that means one that really reaches out to work with the doctors that are writing the prescriptions. The idea is to ensure that the active ingredients being chosen aren’t the most expensive sub-components because that unnecessarily will drive the cost of overall compound “through the ceiling.”
IPS has been able to mitigate costs in the last couple years just by having good common sense approach and a lot of physician outreach. Working with DermaTran Health Solutions and its national network of compounding pharmacies, IPS has been successfully impacting the cost while not reducing the effectiveness of a compounded prescription.
In Colorado, which has cracked down on compounding profiteering, Legislative change demanded no compound could be more than $350.00 period. What is notable, in an 18-month window for one client in Colorado, IPS had 38 compound prescriptions come through the door and each had between 4 and 7 active ingredients. Through its physician education efforts, IPS brought all 38 prescriptions down 3 active ingredients or less. IPS also helped patients achieve therapeutic success (and with medical community acceptance). In that case, the cost of compound prescriptions was down to an average of $350, versus the industry average of $788. Nationwide IPS has reduced the average cost of a compound prescription to $478.00.
Todd says. “We’ve still got a way to go, but we’ve made amazing progress in just the past couple of years on the cost and effective use of compound prescriptions.”
For more information on how you can better manage your costs for compound prescriptions, please call IPS at 866-846-9279.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with IPS. The editorial staff of Risk & Insurance had no role in its preparation.