Sony has been in slow motion the past two weeks, stumbling on how to tell the story of a recent catastrophic intrusion into its on-line gaming network. Indecision doesn't win in action games, and it's been devastating to Sony's reputation. The company has produced a textbook case study on how not to respond to a crisis.
Sony first learned its gaming networks had been hacked on April 19. But instead of making a straightforward, honest announcement, it waited a day and then issued the non-statement, "We're aware certain functions of PlayStation are down. We will report back here as soon as we can with more information."
The passive corporatespeak revealed Sony had retreated into a reactive mode. By then Sony had already closed down its PlayStation Network and Qriocity networks. That glaring fact and the absence of a believable story fueled the crisis. Sony was painting itself in a distinctly non-heroic light. Like most corporate cover-ups this non-strategy was doomed. Millions of gamers assumed Sony had been hacked, as it had long been defending itself against notorious hackers.
So what did Sony do? The company's leaders went into hiding. Three full days passed before it acknowledged that it had shut down its networks because "an external intrusion on our system has affected our PlayStation Network and Qriocity services." More Corporatespeak. To put this in perspective, imagine if New York Mayor Rudy Giuliani had announced on September 14th, 2001, "an external intrusion has affected our World Trade Center." The fact is Sony was blitzed. Denying reality only highlighted Sony's lack of candor.
By then Sony's official story was that it had shut down the networks to do a thorough investigation and insure that operations would be safe and secure. What was still missing? An authentic concern for Sony's millions of customers -- many of them children.
By April 26th, after a full week had passed, Kaz Hirai, head of Sony's gaming division appeared at a Tokyo press conference to unveil the company's tablet PCs. He expressed condolences for victims of the March earthquake, and talked at length about the new tablets. Not a word about the hacking attack. He left the stage without taking questions.
Twelve hours later, Sony dropped a bomb on its customers, revealing in a formal written statement that the names, addresses and birthdates of millions of customers, many of them children, had been stolen. Why didn't Hirai apologize for this in the news conference or days before? Did he really believe executive silence would allow Sony to save face?
Instead, Hirai hid behind a formal statement: "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility." Once again, Sony seemed to be denying reality. Then the company went on to suggest that customers should create credit card fraud alerts and watch for fraudulent charges.
By failing to take ownership of its story, Sony handed ammunition to its critics. George Hotz, a hacker who Sony had sued for posting code to enable gamers to play pirated games on PlayStations wrote on his blog:
"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea."
Finally, on April 30th, Hirai and other Sony executives bowed before the press and said they were sorry. Nearly two weeks had passed before they had finally admitted the truth. Ten million credit cards may have been stolen -- the entire cache. Along with the records and birthdates of tens of millions of children. What began as a failure of security has become a colossal failure of trust.
Worse than the hacks themselves has been the disastrous effect of Sony's leadership breakdown. Sony's stock has taken a hit, and a class action suit has already been filed, charging the company with not taking "reasonable care to protect, encrypt and secure the private and sensitive data of its users." Boycotts are being threatened, and as the Wall Street Journal reported: "Now 77 million people are busy changing their passwords, cancelling their credit cards and worrying about identity theft."
Sony has two very big problems, and it's difficult to say which one is more serious. Today, how and when a company tells its ongoing story is arguably as important as innovation and customer service. They are all intertwined. Meanwhile, the crisis seems to be snowballing. On Monday, May 2nd, Sony revealed hackers had also penetrated Sony Online Entertainment and stolen credit card records. Veteran Sony watchers are already speculating in the press that the continuing blunders may cost Sony's CEO Howard Stringer his job.
Sony is in desperate need of honest, strategic storytelling. So far, this story has spun out of control like the nuclear crisis in Japan and the early stages of the Toyota safety scandal. Inaction and cover-ups only feed controversy, and the next few weeks will be critical.
Sony's competitors, not the least of them, Microsoft, smell blood. The video game industry is brutally competitive. Sony's executives are going to have to make some tough moves. They make action video games. But its about time Sony showed what any real gamer knows.
In real life or a game, a hero defines himself by his courage under fire.
Jonathan Littman is the co-author of The Ten Faces of Innovation and Art of Innovation. He's the founder of Snowball Narrative.