A few months ago, I attended the annual AFR Business Summit. All the standard presentations. Mr Forrest told us that China is no threat, the PM told us we’ve had a wasted decade and he’s going to fix it, various business titans and potentates providing their take on a ‘challenging’ business environment and the ‘opportunities’ on offer, and some useful insights from the likes of the Reserve Bank Governor, former Treasurer Peter Costello and head of OECD, Mattias Cormann.
Towards the end of day two, when one can only assume the lesser highlights were scheduled, came Optus CEO Kelly Bayer Rosmarin. You know the one famous for having handled the Optus data breach with such aplomb that most media were calling for her head.
Imagine my, and I assume the organiser’s, surprise when “In Conversation with Kelly Bayer Rosmarin’ turned into a 20-minute speech by the (still) Optus CEO. One that basically adhered to the somewhat facetious maxim in the communication game of – when in a crisis, especially one largely due to your own fault or incompetence, first, be very sympathetic and say sorry it has happened (note the distinction between sorry something happened and sorry you are at fault), then, find someone to blame!
The Optus CEO told us all how hard her team work on intercepting thousands of daily online and data attacks – all except the one that counted, it would appear. She then lauded her team and by implication herself, for working long into the night to ‘fix’ the data breach, when in fact, she was at her country home and Optus took quite few days to admit they had a real problem, even then only at the prompting of federal authorities, and the team working so hard didn’t really fix anything. They simply confirmed who had been compromised.
She also told us that cyber security is a shared business community responsibility – nice way to share the blame. That neither the Federal Police nor the FBI has been able to track down the hackers – it’s not our fault, these guys are too good. That only about 10,000 customer records had been compromised – so why did state authorities replace millions of Drivers Licences. Finally, the coup de grace; to her knowledge no one had been harmed by the breach – how the hell could she know!
All in all, a stunning performance. One demonstrating total lack of recognition of the public perception of the situation, seeking to absolve her and her company of responsibility, trying to share the blame far and wide and basically denying the obvious facts. In fact, so arrogant, unself-aware and hubristic that the Australian’s Margin Call Editor, Yoni Bashan, wrote, the next day, “Optus CEO Kelly Bayer Rosmarin set a new benchmark for corporate arrogance in her speech to The Australian Financial Review’s Business Summit on Wednesday, when she cast blame on almost everyone but herself for the outcome of the telco’s cyberattack in September.”
How can CEOs get it so wrong? How can obvious failure be paraded as some sort of success and the gaining of ‘learnings’? How can there be no accountability for poor performance?
But it gets worse. Ms Bayer Rosmarin’s head of PR, Sally Oelerich – famous for a trainwreck interview on 2GB’s Ben Fordham Live (Google it) – was recently held up by a PR conference organiser as a keynote speaker able to provide ‘learnings from the management of the Optus data breach’. I’m sure she had ‘learnings’ to share, just as I suspect she had a hand in her boss’ ambush speech at the AFR Business Summit. `
However, two things trouble me. First, we again witness failure being turned into some form of example, perhaps even an heroic one. Second, such people are highly paid senior executives of major companies. They are supposed to know this stuff, not learn on the job. That’s for the interns to do.
Over the last few years, I’ve heard about the latest three letter acronyms that are supposed to make companies better performing and contributing community participants. There was CSR – Corporate Social Responsibility – nice idea and basically another name for corporate philanthropy that has been going on for ever. Then came ESG – Environment, Society & Governance – essentially a fancy way of buying into the green push, giving away some money and not stealing from shareholders. Now we have DIE – Diversity, Inclusion and Equity – basically a cover for quotas and manufacturing equality of outcomes.
Perhaps it is time we return to some key principles, covered by an acronym I’ve just made up – CRA – Competence, Responsibility & Accountability.