For the first time since a massive security breach struck Target during the holiday shopping season, CEO Gregg Steinhafel opened up in a lengthy interview. In the extensive interview, which aired early Monday morning on CNBC, Steinhafel recounts how he first learned about the data breach, explained why it took the company several days to share the news, and apologized directly to customers for the breach as well as for the initially slow response times in the company's call centers.
The interview comes at a critical moment for the discount retailer. After initially reporting that approximately 40 million credit and debit card accounts may have been affected, on Friday Target announced that its investigation found the impact was much broader. And consumer concerns are likely to rise even more, given that other retailers reportedly have been struck by cyber attacks. Upscale department store Neiman Marcus said Saturday that some of its customers' card information had been stolen, and a Reuters report from Sunday suggested that attacks on other merchants will soon come to light.
Some crisis communications experts graded Steinhafel's interview as a solid effort in the wake of his company's efforts to recover customers' trust. "He stayed on message, he took responsibility, he said he was sorry, he said they would make it right, he lauded his team, he repeated his message over and over and over again," said Davia Temin, founder of an eponymously named New York-based communications firm. "That's the playbook."
In addition, said Jason Maloni, who heads up the data security and privacy team for the communications firm Levick, Steinhafel showed "a human side" by sharing how he found out about the news over coffee at home on a Sunday morning.
Still, others questioned his execution and said there is more the company can still do. Paul Argenti, a professor of corporate communication at Dartmouth College's Tuck School of Business, said Target's CEO came off as far too scripted. "He should have had an emotional response" to the first question, Argenti said. "Instead, he bridged to a canned response."
Steinhafel could have gotten more sympathy from the audience had he kept a more conversational and emotional tone about how the company had been attacked, according to Argenti. "Instead there was this singular focus on the 'guest' and this constant repetition of the 'guest.'"
Maloni, meanwhile, would have liked to see the interview happen sooner than it did. Target first confirmed the data breach on Dec. 19, nearly a month ago. He also said the company, whose managers have been known to shun the spotlight, should take this as a lesson in why it's important for the CEO to grow his public profile. "When you have a public profile, you win a certain amount of good will," Maloni said. "You want people to know you for other things than when something goes wrong."
Steinhafel's interview is hardly the first step Target has made to try to rebuild its relationship with customers. On Friday, the company announced that it would be offering one year of free credit monitoring and identity theft protection to customers, a service which was launched Monday. It has also offered a discount to customers, has been communicating with customers directly, and has featured Steinhafel in videos on the company's Website.
But as far as crisis communications go, the company may eventually need to do more. Target, Maloni said, should proactively help to develop new technology or protections that help consumers. Tylenol introduced tamper-resistant packaging, for example, as a result of the its recall crisis during the 1980s. Taking more comprehensive steps to help all shoppers would help to position the company as an advocate for consumers.
Temin agreed. "It would show that they have an obligation not just to themselves and their guests but to the bigger problem," she said. "The other part of the crisis playbook besides your messaging is to become part of the solution."
CEOs may do well to tune in to Target's and Steinhafel's response to this crisis. Maloni expects security breaches to be a big communications challenge for companies in 2014, and said many of his clients have made preparing for them a top priority. One even put cyber security above a 9/11-style attack in terms of the biggest threat the company faces this year. Data security "is acutely on the minds of every board member and CEO and general counsel," Maloni said, adding "I don’t think there’s a retail CEO in America who’s not looking at Gregg and Target and saying 'there but for the grace of God go I.'"
Update: An earlier version of this post referred to Tylenol's introduction of a child-proof cap, where it should have referred to tamper-resistant packaging. The post has since been updated.