December 2014 Worst in Governance
The end of the year is usually a prosperous and celebratory time for Hollywood. That’s when studios unveil eagerly awaited blockbusters and critically acclaimed movies. Millions flock to theaters during the holiday season. But this year, box-office receipts and award nominations took a backseat to the darker story of a cyber attack at Sony and its tumultuous fallout.
After an apparent attempt at blackmail, a group of hackers released several troves of sensitive Sony emails, employee data, documents, and movies to journalists starting in November. The information raided from Sony’s servers revealed embarrassing behavior and racially insensitive language on the part of studio executives and raised the question about whether any important electronic systems in the private or public sectors are really out of the reach of determined hackers.
But more was to come. In December, the hackers (who dubbed themselves the Guardians of Peace) sent another message warning against the release of the forthcoming Sony movie “The Interview,” an insipid farce that imagines the assassination of North Korean leader Kim Jung-un. Unless Sony canceled the Christmas-day release of the Seth Rogen and James Franco vehicle, hackers said, theatres would face violent retribution. Shortly thereafter, Sony made a hasty announcement that it would abandon “The Interview,” a decision that was met with disapproval by President Barack Obama, Hollywood stakeholders, and free-speech advocates.
Starting with the questionable decision to produce a movie depicting the death of a current leader, Sony’s behavior around the hacking incident has illustrated leadership missteps at several junctures. When the hacking incident was first revealed, Sony was slow to recognize the magnitude of the situation, remaining publicly silent in the face of an escalating crisis. (And this was not the first time in recent memory that Sony has faced a devastating cyber attack and the theft of sensitive personal data.) Once Sony decided to take decisive action after the hackers’ threat, its panicky decision alienated its partners and appeared to abandon employees associated with the movie in favor of the demands of the hackers. Even though the studio eventually made the movie available in limited release and on-demand, the damage had been done.
Whether the attack ultimately came from North Korea or was orchestrated by a disgruntled former Sony employee, Sony’s bungled response to the hacking incident left a lasting impression of leadership failures. Of course, the situation was largely unprecedented and raised a host of questions about the responsibilities of Hollywood studios, freedom of expression, and the manifold vulnerabilities of companies to cyber attacks. But with the real possibility of more cyber attacks ahead, companies would be wise to take stock of Sony’s flawed response.