[Case study] Who Should Take the Fall?

The case study published in the Harvard Business Review 2015 July/August issue deals with SimplePay a mobile-payment company who has been hacked (consumers’ e-mail addresses were obtained). The board chair now urges the CEO that somebody has to be held responsible for (i.e. fired). The hack has slowed down app usage. Firing somebody related to the hack, would, so argues the board chair show the public that the company does take the breach seriously and also that some serious action was necessary because the company is not getting new customers, already one week after the incident.

At the center of the case is the question whether the CEO should resign.

I say no:

• Although many customers might see that CEO as the company’s face and thus the responsible guy for everything, there is not guarantee that this will increase customers’ trust.
• It will, however, certainly decrease the company’s internal stability
• In case the CEO resigns, focus would have to shift to finding a new CEO — sales, marketing and other operational activities will stop

Although the board does require somebody to leave, it must not be the CEO.

It should rather be somebody from the technical team, e.g. the CIO. Although, as mentioned, the CEO is often the face of the company, for many customers it would not make much of a difference if somebody less representative of the company leaves it. If the CIO leaves and the company can understandably transmit why this makes sense, many customers would gain trust again. (Investors, however, might have a different view)

Alternatively, I believe that adding new security features would not only retain trust but also increase customer value. From my point of view the better solution.