Sony, Corporation, is in the process now of rebuilding its brand reputation after having to shut down its PlayStation Network on April 20, 2011. The shutdown was due to hackers infiltrating its network and obtaining the names, addresses, birth dates, and possibly credit card numbers of over 100 million users. Prior to the April 20th incident, Sony was ranked in the top 3 for electronic brands, but as the network became compromised, and the subsequent 26-day shutdown unravelled, Sony dropped below its gaming rivals at Microsoft and Nintendo. As a part of its damage control, Sony has “vowed” to strengthen its network by adding firewalls and additional encryption.
I am often asked, by prospective corporate client’s, why implementing a comprehensive cyber-security policy is so critical to its present-day business model? My response is to simply look at how I define the term data governance – a business practice focused on minimizing any potential significant deficiency or material adverse affect on the fundamental (internal/ external) controls and safeguards that directly influence a company’s valuation (not value). The loss to Sony’s brand reputation, as a result of the April 20th hack, is a “significant deficiency” that was “material” enough to influence its overall valuation.