Several weeks after the Sony PlayStation Network was brought to its knees by a massive security breach, the company has decided to clean house with an executive reshuffling.
Among the changes: Akira Sato, chairman of Sony Computer Entertainment, and Ken Kutaragi, honorary chairman, will retire, effective almost immediately. Kutaragi is leaving his position now, but will continue to serve as an advisor. Sato is leaving at the end of August.
President and CEO of Sony Computer Entertainment Kazuo Hirai will become chairman and continue to serve as executive deputy president of Sony. Andrew House, PlayStation chief executive for Europe, will step into Hirai’s shoes.
Is It Enough?
Whether these changes will be enough to mitigate the immense damages the company suffered — and caused — in the wake of the cyberattacks is unclear, to put it charitably. A more candid assessment is that it’s downright doubtful.
To briefly recap, cyberattacks launced in April forced Sony’s PlayStation Network to shut down for more than three weeks and compromised perhaps as many as 100 million customers’ personal information. The breach will cost Sony at least US$171 million, according to its preliminary financial forecast, and the tab will likely wind up being higher. Among the variable costs the company is facing: multiple inquiries from various governments, as well as class action lawsuits — not to mention the lingering ill will of its partners and customers.
Given the magnitude of this damage, its executive reshufflings appear to be a paltry response.
Sony did not respond to the E-Commerce Times’ request to comment for this story.
“In my opinion this was just a nod to the class-action lawsuits,” Hawkthorne Group CEO Mike Meikle told the E-Commerce Times. “The arguments behind the lawsuits are that Sony didn’t take security seriously enough — and that consumer data protection was particularly lax.”
If Sony were truly serious about cleaning up after this breach, more — many more — heads would roll and they would be heads found further down the food chain, Meikle suggested.
“There should be firings at the senior level,” he said — “the people who were directly responsible for these policies, or lack of policies, rather.”
Such a recalibration of the executive team should not be done for punitive reasons, but rather to ensure that such a breach doesn’t happen again, Meikle explained.
“As far as I can tell, it has been business as usual,” he said. “I am not sure what problem this reorganization is addressing or even if it is the right problem — that is, whatever led to the breaches in the first place.”
In general, companies are starting to wake up to the fact that security needs to become a C-level responsibility, said Roger Cressey, a senior VP with Booz Allen Hamilton, who served in senior cybersecurity and counterterrorism positions in both the Clinton and Bush administrations.
Whether or not one agrees with the efficacy of Sony’s management changes, “we are definitely seeing a renewed focus on the security component and a recognition of how the threat has evolved,” Cressey told the E-Commerce Times.
In short, after a period of unusually brazen cyberattacks, companies, financial institutions and governments are waking up to the fact that they need to come up with a dynamic defense approach — one that is not network-security oriented but rather cybersecurity oriented, he said. Examples like Sony show that cyberattacks can impact a brand.
“What security is coming to mean for companies,” said Cressey, “is that it is about protecting the brand as much as it is about protecting data.”