Crisis Redo: Sony Pictures Entertainment Executive Summary

Public Relations Plan 1: Crisis Redo

Natalie Minuzzo, Ally Barclay, Jake Soffer, Seth Hague, Forrest Murphy

Our strategic public relations plan is focused on repairing Sony Picture Entertainment’s (SPE) reputation and dealing with the large amount of criticism they received related to their 2014 hacking crisis. The plan first talks about the entirety of what happened to SPE in 2014, timeline included, and how they used the reactive strategies silence, investigation and attack to handle the crisis. Next, we assess the repercussions that SPE faced and how we would have handled the situation as a public relations team. Our re-do plan includes the strategies pre-emptive strike, attack, and embarrassment, in order to potentially save SPE’s reputation. The plan goes into detail about how everything would be re-done, in what time frame, and what limitations may arise for our plan of action.

In November 2014, Sony Pictures Entertainment became the victim of a cyber attack that had large repercussions on the company’s reputation. The culprit of the attack was quickly determined as the government of North Korea. Their government had previously expressed anger about the upcoming movie, “The Interview,” that centers the plot around the assassination of North Korea’s leader, Kim Jong-Un. The categorization of this crisis would fall under the ‘victim crisis’ category. SPE’s first mistake was waiting a week to address the crisis to their key publics, their consumers and employees. Although SPE had been the victim in this situation, the way the company handled things created an even greater crisis. Several emails from the senior executives insulting some of Hollywood’s biggest stars as well as electronic releases of upcoming films were hacked. Things escalated quickly when SPE’s CEO fired its chief communications officer because said CEO’s husband advised her to. The emails were unfortunately leaked to the public soon after the CEO fired the chief communications officer. SPE then told the cinemas who were originally going to play “The Interview” that the choice was up to them to show it in their theatres, rather than taking on the responsibility of another crisis themselves. SPE hired lawyers and threatened TV networks with lawsuits if they revealed the embarrassing emails on television,

which only made said TV networks expose them even more (Eg:TMZ, Nancy Grace, BuzzFeed etc.). After the media attention began to dwindle, SPE lost over one-hundred million dollars throughout their crisis. Following that, SPE finally hired a PR team to handle the damage that had been done. However, as a result of waiting a week to address the crisis publicly, SPE’s key-publics and employees felt insulted on a personal level.¹ Apologies were not properly given to the employees affected by their loss of credentials. The faults of SPE sparked a story for news outlets, prompting them to investigate SPE’s mistakes even further. Consequently, as the events unfolded the media put a critical spotlight on SPE’s failure to communicate to their consumers and employees. In essence, SPE lost the trust of their consumers and employees, while the media contributed to the negative opinions surrounding SPE’s reputation.


Organizational Background

Sony Pictures Entertainment is based in America as a subsidiary of Sony Inc., which is controlled by the Japanese-based Sony Corporation. SPE produces and distributes motion picture, television and digital content to its global audiences. SPE had produced and distributed well-known films such as “Spiderman” and “Men in Black” as well as recent movie successes like “Concussion.”

According to Sony Picture Entertainment’s website, their mission is “to be a company that inspires and fulfills your curiosity.”² SPE strives to produce innovative new entertainment and to emotionally move its wide viewership. SPE targets a large public because they produce a wide range of films and shows for all ages. SPE has maintained a good relationship with its publics by proactively pursuing their corporate social responsibility. Their website includes a commitment to support arts and education, be environmentally responsible, and celebrate diversity. SPE proves their CSR through multiple programs and volunteer activities that they promote through their website and social media platforms.

The hacking crisis of 2014 is the largest crisis that the subsidiary of Sony Inc. has underwent. However, Sony Inc. had been subjected to a similar crisis in April 2011. Sony Inc. had over 100,000,000 of its users’ data stolen, including 77,000,000 of these users from the PlayStation Network. Similar to “The Interview” crisis, they mistakenly waited a week to address the public on the issue. Sony Inc. reacted to the situation with deliberate inaction instead of addressing it with the immediate promise of investigation and corrective action.
Crisis and Response Timeline (2014)

June 20

Kim Myong-Chol, executive director of the Centre for Korean-American Peace, speaks critically about “The Interview,” an upcoming comedy in which the CIA recruits two journalists to assassinate North Korean leader Kim Jong Un. Myong-Chol states: “There is a special irony in the storyline as it shows the desperation of the US government.”³

The Pyongyang government views “The Interview” as an undisguised sponsorship of terrorism and an act of war, as stated in a letter to U.N. Secretary-General Ban Ki-moon.⁴

Sony Pictures Entertainment reveals that it has been subject to hacking.

On Monday morning, staff members find that the company was hit with a malicious attack by a group of hackers. The group identified itself #GOP – Guardians of Peace -- on a threatening message it left on employees’ computers:

SPE bans some staff from using computers in its studio. The company also tells employees companywide not to connect to corporate networks or access company email. Sony’s IT departments instruct employees to turn off their computers and disable Wifi on mobile devices.

Shortly after SPE reveals it has been hacked, articles and opinions regarding the hacking of Sony’s PlayStation network in both 2011 and earlier in 2014 resurface on the Internet. Sony’s publics reacted bitterly to this crisis. With the resurfacing of bitter memories from similar security breaches, Sony is in a bad position with its publics.⁵

Nov. 25

SPE spokesperson Jean Guerin comments about the attack: “Sony Pictures Entertainment experienced a system disruption, which we are working diligently to resolve…We are investigating an IT matter.” She did not disclose any details about the cyber-attack. This could be seen as a defensive response since the company was fairly clueless about the details of the attack at this time.

Sony’s computer system is down for a second day. Emails sent to Sony Pictures are still bouncing back with an explanation that its email system is unavailable.

Nov. 27

Some of Sony’s new and upcoming films begin appearing on peer-to-peer sharing services. At this time, it is believed that Guardians of Peace acquired the never-before-seen content. Additionally, the group hacked several terabytes of private, internal data before deleting it all.

SPE starts investigating if the malicious attack is linked to hackers from North Korea. Links are drawn to previous comments the North Korean government has mentioned about the upcoming film. Sony’s email system is still down.⁶

At least five new Sony films have been put online. One of which, “Fury” was downloaded nearly a million times in just three days. Sony views this theft as a criminal matter. After issuing a statement on the theft, SPE hires FireEye Inc’s Mandiant forensics unit to help clean up after the cyber attack. This implies rectifying behavior, although it was implemented nearly a week after the first day of the crisis.

Thousands of salaries of SPE employees and executives are leaked in a spreadsheet. The spreadsheet includes home addresses, phone numbers and other personal information.

The FBI makes the following statement: “The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.” The FBI has joined the investigation.

Dec. 2

In response to yesterday’s events, SPE offers credit monitoring and identity-theft protection to employees whose information was leaked.⁷ This is another example of rectifying behavior on behalf of Sony.

By this point, Sony has acknowledged that the leaked internal documents are real. Still, the company is unsure of what information the hackers obtained and plan to release. This is somewhat of a diversionary response, seeing that there’s not much else the company could have done at this point.

Sony employees receive emails from Guardians of Peace, urging them to sign an objection to SPE and threatening their families.

Dec. 8

GOP releases a message on GitHub. In addition to denying involvement in the threatening emails, the group states: “Stop immediately showing the movie of terrorism which can break the regional peace and cause the War!” Sony links the message to “The Interview” and announces that no press interviews will be allowed at the film’s premiere.

Sony’s CEO uses a strategy of attack and releases a memo that will end up becoming public, stating that “this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have fully prepared.”⁸ This is a defensive response; the company admits with honesty that it was targeted and attacked against its will.

Meanwhile, a separate group of hackers attacked Sony’s PlayStation network today.

More personal information has been leaked, including the inboxes of SPE executives Steven Mosko and co-chairman Amy Pascal. Embarrassing emails are leaked, putting a negative spotlight on Producer Scott Rudin and Chairwoman Amy Pascal.

SPE is attempting to prevent further illicit downloads of its leaked films. Scott Rudin and Amy Pascal issue apologies, accepting full responsibility for their offensive comments on actresses, movies and president Obama.

Business Insider estimates that this crisis could cost SPE nearly $100 million.

Dec. 16

The Dec. 18 premiere of “The Interview” is cancelled in New York after the GOP issues threats. This is a defensive strategy that was most likely implemented for business and public safety purposes.

Carmike Cinemas cancels the premiere of “The Interview” at most of its theaters across 41 states. Several other theater chains refused to show the film.

Sony cancels the release of “The Interview,” issuing the following statement: “In light of the decision by the majority of our exhibitors not to show the film ‘The Interview,’ we have decided not to move forward with the planned December 25 theatrical release.”

Obama comments on the cyber-attack, saying it “is very serious. We’re investigating it. If we see something that we think is serious and credible, then we’ll alert the public.”

• 
  To increase positive responses from our own media’s consumers by 25 percent within 48 hours of the information release to the publics as measured by the response rate to our crisis on all major media platforms.
  

• 
  To generate a more positive attitude amongst our company by 50 percent by December 31 as measured by employee morale, feedback, and the turnover rate within company employment.
  

We would hire a public relations agency immediately after the crisis and before the greater public is aware; especially before all the terrible decisions that caused SPE to lose hundreds of millions of dollars and trust from their key stakeholders. The actions of the Chief Executive Officer, Amy Pascal, firing the chief communications officer was something they shouldn’t have done. Cancelling their new feature film, “The Interview,” and leaving it in the hands of the cinemas was, what the media evoked it as, giving into terrorism; even President Obama told SPE that they messed up by doing that. We would also have the series of press releases open and available to the public.

• 
  Crisis Reactive Strategy: “Pre-emptive Strike.” SPE waited a whole week to address the public on this crisis, and a pre-emptive strike strategy is only doable before the bad news is available to the public. SPE could have used this strategy well before the information was leaked. If this strategy were implemented, the whole crisis could have been shortened and the damages would have been far less severe. Using the “excuse” defensive response strategy, along with the “investigation” and “corrective action” rectifying behavior strategies within our pre-emptive strike, we could send a PSA to all major media outlets putting the blame on the hackers for our crisis we were undergoing; told SPE employees and consumers that SPE is currently investigating trying this whole ordeal and will take the necessary steps in order to ensure the safety and well-being of SPE employees and consumers. Emphasizing to the publics that it was a situation that was out of our control would have also validated this reactive strategy. Furthermore, in their past crises, SPE waited a week to address the public as well, so this time they should have known that this was too long to address this crisis.
  

• 
  Tactics: Develop a premade press release that addresses that there was a breach in information in the company’s database with a public relations firm that would be accessible in times of crisis. Address to SPE employees and consumers that SPE is currently investigating this hack, and will make sure that SPE employees and consumers are aware SPE is taking taking every precaution throughout this crisis to prevent this from ever happening again. This press release would be sent out within 12 hours to the various publics via major newspapers, magazines, and social media platforms.
  

• 
  Crisis Reactive Strategy: “Attack.” The country of North Korea was blamed for the information hack on SPE. An attack strategy conducted by SPE would help alleviate criticism and potential future attacks on SPE’s informational data base by publicly stating that North Korea is attempting to impugn SPE’s reputation over a satirical movie produced by SPE. If this strategy were implemented, North Korea would have limited response methods and would most likely retreat from the whole ordeal. This strategy would not only start the healing process of SPE’s reputation, but would also weaken the impact of scrutiny if it were executed well. This strategy would only be utilized if we know who the original attacker is.
  

• 
  Tactics: Develop a premade press release that would address the informational breach, and who’s to blame. This press release would be released via social media platforms, and news agencies within 12 hours of the crisis. We would use an identification message appeal strategy in this case, using ethos as our message source. The identification message appeal would clearly identify North Korea, who already has a poor reputation among a greater portion of SPE’s target audience (employees and consumers), and bluntly state North Korea’s intentions -- prevent SPE’s movie “The Interview” from being released. Using an ethos message source combines our target audience's perception of SPE and the common ground shared between them, which in this case would be the similar views on North Korea.
  

• 
  Crisis Reactive Strategy: “Embarrassment.” Another offensive response, embarrassment attempts to “weaken the opponent's influence by using shame or humiliation.”¹⁰ In other words, SPE would use this strategy to weaken the influence North Korea holds after the informational hack. A perk the Embarrassment strategy contains is the ability to grow with little to no reinforcement after enacted. If this strategy is implemented, SPE would be able focus on other demands, such as developing a stronger firewall security system, employee relations and consumer relations. This strategy would best be used when we know who the original attacker is.
  

• 
  Tactics: Develop a statement that would address the crisis and whom is to blame, then specifically address why they are to blame; this would cover North Korea’s hack into the SPE informational data base, how many people were effected through this hack and how so, the ridicule North Korea expressed over SPE’s new movie “The Interview,” and the little “reward” North Korea attained through this hack. Addressing why they are to blame in great detail is to ensure that this strategy does not backfire on SPE in any way. It also utilizes North Korea’s strengths against them, pinning them as a bully. Using the identification message appeal -- puts a “face” to a message -- in this strategy would create a stronger relationship between SPE and its consumers through the mutual perspectives they have on North Korea. In turn, this would prevent any potential backlash on SPE and make the embarrassment strategy stronger. Furthermore, would also implement the empathy message appeal too. This message appeal tries to get the target audience to empathize for those affected; SPE would use this message appeal to seek empathy from its consumer audience towards its employee audience. This statement would be released during the press conference after the premier showing of “The Interview.”
  

We would immediately alert our employees and consumers the day of the hacking. We would be sure to enclose to SPE’s employees that social security numbers had been hacked and the necessary precautions were being issued. Using the “excuse” defensive response reactive strategy, we could release a press release to our consumers telling them that the hacking was out of our control in order to minimize SPE’s responsibility.

Alert the public that SPE is issuing an immediate investigation of the hacking. Continue to monitor any new information that could damage the brand’s reputation through social media outlets like Facebook and Twitter.

Assess any information that may be leaked and prepare pre-emptive strike statements that would express that we have been attacked and the matter was out of our hands.

Five new SPE films have been put online. We would release the statements that were prepared and express to our target publics -- SPE employees and consumers -- that we are the victims and are doing our best to control the situation.

On top of identity-theft protection to SPE employees whose information was leaked, extra measures including the protection of said employees’ families would be taken. Protection of every entrance to an employee’s life would be essential at this point in the crisis.

Release a statement via media outlets that “The Interview” is still under review in terms of its premiere. SPE did not address the situation of the release of “The Interview” early enough in the crisis, and it would of helped publicity to show the publics that we were dealing with things more efficiently.

Stricter measures to enforce the prevention of illegal downloading of SPE films would be issued. Improved security and focused tactics could have prevented such large losses. In reality this crisis caused around 100 million dollars to be lost because of the leaked SPE films that were downloaded throughout this crisis.

Re-analyze our target public’s perspective and attentiveness on the hack via social media platforms the PSAs were released. Make changes as seen fit via formal statements from CEO via same social media platforms.

Release a statement via SPE’s twitter account regarding box office results regarding “The Interview.”

Our plan of action is to properly communicate the information regarding our crisis in a timely manner to our stakeholders -- SPE employees and consumers. We are focused on protecting the reputation of Sony Pictures Entertainment and minimizing negative responses. Our first plan of action is to hire a public relations team that will be able to deal with the crisis before it gets leaked to the public. One strategy that we chose was “Pre-emptive Strike.” This strategy’s goal was to handle the crisis before it was public information. Therefore, this strategy would be successful because we could better control the information going out, specifically with a series of press releases to our latent publics to inform our stakeholders. However, the minor downside to this strategy would be if somehow information was leaked to the public; that is always a possibility. Still, we would promptly put out a press release and be working on the crisis itself. To emphasize, our intention for this strategy is to protect the reputation of Sony and to also generate positive responses from our stakeholders. Another reactive strategy would be “embarrassment.” This would be successful because SPE would play the victim role and hopefully it would take the negative pressure and spotlight off of SPE. Technically, this strategy is valid because in a legal sense SPE did not do anything wrong. For this, we would tell our stakeholders that we are very embarrassed because of this crisis, and we hope that this will influence sympathy from our stakeholders. Unfortunately, some stakeholders may still disagree, and we could come off like we are avoiding taking responsibility for some of the attacks that occurred. By formulating the press releases correctly, our message to our stakeholders should be clear and agreeable. Our last reactive strategy is the “attack” strategy. This strategy bluntly calls out North Korea on their actions which would help alleviate negative attention on SPE and rather turn it onto North Korea. The only downside to this strategy is we need to know who the original attacker is definitively; if we don’t then this strategy will come back to ruin SPE’s credibility and further damage its brand.