Unforgiven: The Failed Apology of Equifax CEO Richard Smith
Even a perfect apology doesn’t vaccinate a company against fallout from corporate misbehavior. Two weeks after Equifax chairman and CEO Richard F. Smith apologized for a data breach that compromised the private financial information of 143 million people, the stock has plummeted 30%, two executives have been forced out, Congress is investigating, regulators are swarming, class action suits have been filed, and millions of consumers are up in arms.
Wait. Wasn’t a good corporate apology supposed to prevent such dire outcomes? Didn’t the company quickly apologize? Didn’t Smith issue a contrite video apology and then publish an apology in USA Today?
Not even the most immaculate apology (and Smith’s apology was far from ideal) can protect an organization from the consequences of its mistakes. What an apology can do is help the organization repair the relationships it damaged, avoid unnecessary costs, and build goodwill that allows the firm to learn from its mistakes and move on. Even perfect apologies have very real limits:
It’s not about what you do. It’s what you do about what you do. Equifax discovered the data breach on July 29th. The company alerted the public on September 7th. The six-week delay was bad enough, but then the company rolled out some slapdash mitigation tools that just made anxious consumers even more anxious. Nor did it help Equifax that in the days after it discovered the breach, three senior executives sold $2 million of stock. The company’s response to the breach became as much of a grievance as the data breach itself.
“THE COMPANY’S RESPONSE TO THE BREACH BECAME AS MUCH OF A GRIEVANCE AS THE DATA BREACH ITSELF.”
You can’t talk your way out of an event you acted your way into. Apologies are a critical part of corporate recovery, but words alone are not enough. The offending corporation must combine the apology with meaningful action. Sometimes that means financial restitution, contributions to charity, payment of big fines, executive resignations, and, in extreme cases, prison sentences.
An effective apology means that all parties get to move on. But not necessarily together. It allows the parties to put the hurt behind them and explore ways to move forward. Sometimes they can move forward together, but that’s not always possible. Sometimes the offense is so glaring that the parties decide to move forward in different directions. So far, chief information officer David Webb and chief security officer Susan Mauldin have retired, effective immediately. In the next few weeks, look for other Equifax executives, including the CEO himself, to announce they are also moving forward.
An apology is not cost-free. It’s just less expensive than the alternatives. Although mistakes are inevitable, a well-timed apology can defuse resentment, heal the parties, reduce litigation, and restore the relationship to a new footing so it sometimes emerges stronger than it was before. Such apologies are always expensive. Equifax skimped on the roll-out of its apology response and will now incur even more expense. The evidence is compelling: however costly, an effective corporate apology is less expensive than the alternatives of deny and defend.