Jump to:Page Content
In politics and business, the best-laid plans can go astray instantly when mismanaged trouble spirals into full-blown crisis.
A current case in point: N.J. Gov. Chris Christie, after denying that the September shuttering of traffic lanes on the George Washington Bridge in Fort Lee was orchestrated by his office as political retribution, had to confront damaging reports last week that the closures were ordered by a top aide, and were known by others. The revelations came with the release of emails from high-level Christie advisers and appointees at the Port Authority of New York and New Jersey.
During a Jan. 9 news conference, Christie apologized but denied knowing of or being involved in the traffic scheme. Christie said he had severed ties with his campaign manager and deputy chief of staff, who were implicated in the emails. Two Port Authority executives, who also knew of and appear to have assisted in the lane closures, abruptly resigned last month.
In another crisis-management case in the news, the massive Minneapolis-based retailer Target announced last month that hackers had stolen credit and debit card numbers from 40 million customers between Nov. 27 and Dec. 15. Since then, the company has twice revised that figure upward, acknowledging now that financial and personal data, such as phone numbers and addresses, from as many as 110 million customers were taken during the security breach.
Herman B. “Dutch” Leonard, the George F. Baker, Jr. Professor of Public Sector Management at Harvard Kennedy School (HKS) and the Eliot I. Snider and Family Professor of Business Administration at Harvard Business School, studies crisis management and leadership. He spoke with the Gazette about the challenges facing Christie and Target and their performances to date.
Q: How would you rate Gov. Christie’s handling of the bridge scandal and Target’s handling of the data breach thus far?
Leonard: In both cases, I would say so far as we know, they’ve done pretty well. The reason I would say “so far as we know” is that how well they are doing depends on facts which we can’t be certain of at this point. If all of what Gov. Christie knows has been revealed, then I think he’s done a very good job of recognizing that this was a very substantial problem, getting on top of it, and trying to figure out a way to manage it truthfully and forthrightly and successfully.
If it turns out subsequently that he knew a lot more about this or he could easily have found out and just basically wasn’t paying attention, then that’s an entirely different matter. If all of this story is as Gov. Christie presents it, then I think his press conference was quite remarkable and will be a model for how to take blame and how to model the acceptance of some bad event having happened even while you’re saying that you personally didn’t know more about it.
It’s very hard to tell often, when you had a cyber attack, just how widespread the damage was and how many people’s information might have been breached, so if Target gave its best good-faith estimates, then sometimes it just turns out worse than you thought. But you want to be very careful when you revise it once that you’re not going to have to revise it again.
I think the fundamental driving force in how well these events go is how well they are being handled from a substantive perspective. The critical question to ask is: How well have these officials at Target and in Gov. Christie’s office — and the governor himself — gotten on top of the actual substantive event? If, in hindsight, we say, “That was about as good a job as they reasonably could have done,” then I think they’ve done a good job both from a substantive perspective and from a process or public-relations perspective.
Q: Both Christie and Target seemed to have been caught unprepared. Target took weeks to determine how the breach was conducted and the true number of affected customers. In Christie’s case, he trumpeted his lack of awareness, both about the actions of his staffers and appointees and the Jan. 8 release of damaging emails, as proof of his innocence. Is not knowing, or professing to not know what’s going on, the basis of an effective strategy?
Leonard: First of all, that strategy will only work if it’s true — if he really didn’t know and he hasn’t encouraged his aides to play dirty tricks on opponents. Because if he has, there will be enough intense scrutiny here that facts about that will be found out. Can that strategy work? It depends on how close to his office the actual issue is.
Neither Target nor Gov. Christie seems unprepared to me. I think Christie handled this basically according to a script for how you handle breaking events. In that sense, he was ready. It’s always possible you can be blindsided by an issue. Being unprepared means to me that you don’t know what to do when that happens. I think he was very well prepared to deal with that. What he wasn’t was aware earlier of this event. So you have to judge, should he have been? Is there reasonable cause for suspicion or further investigation on his part that would have led a reasonable person to have found out more earlier? That’s still an open question.
I think that Target should have been more careful not to say things it could not be certain of. The nature of the kind of event that they had makes it very difficult to know what the extent of it is. So I’m not surprised they didn’t initially know and that it’s taking them a long time to figure out. I’m a little surprised they weren’t more circumspect at the outset about the uncertainty of their knowledge about that, precisely because it’s so difficult to be certain of how big a breach is. The flip side of that is, they have to maintain some degree of confidence among their customers. I think the ways they tried to do that, while maybe not perfectly designed, made a good deal of sense.
Q: Does a political crisis differ from a corporate crisis in terms of strategy and management?
Leonard: There are two different things that you’re managing. One is the actual realities. You can’t get very far away from the realities and sustain that. So if you’re not handling them well, that will eventually be obvious to everybody. Even if you are managing them well, there’s a separate set of issues about how it is being perceived to be managed, and those perceptions are not necessarily very directly hooked to the realities. A good example of that is the BP oil spill. Both the government and BP, to a certain extent, did a better job than they were given credit for. But the PR side was miserable. If you think about the amount of oil that went into the water and the limited amount of damage that was ultimately done on the beaches of the Gulf Coast, the perceptions were pretty far away from the underlying realities. I think BP and the federal government lost control of that story, lost influence in that story, and that’s a situation where even doing a good substantive job wasn’t by itself enough.
Q: How does one accurately measure whether they’ve successfully weathered the storm?
Leonard: Every one of these events is different, and so it’s very hard to specify. If something bad happened, we shouldn’t assume that you can come out of that without any damage at all. So the question is really: Relative to what a good performance would have looked like, how did they actually do? And that’s a very hard standard to set. I tend to look at it procedurally and to say: Given the resources available, how effectively were people able to mobilize, and did they do what you reasonably could have hoped for? As a Wall Street analyst, you would look at the change in the value of the company. What happened to its market capitalization? What happened to its revenues and earnings going forward as a result of this event? But the problem is, compared to what? Obviously, what you’d like to do is to compare it to a good performance. You don’t want to compare implicitly to “there never was an event.” I think you have to say, once that unexpected event breaks on you, how effective, how nimble were people at being able to keep the damage from spiraling? read more