Because it bungled its initial response, by the time Sony finally did something right -- shutting down the network for a month and rebuilding it piece by piece, taking a huge financial hit in the process -- it got almost no credit for it, says Budd.
However, Sony may have learned its lesson, he adds. After thwarting attempts by hackers to access nearly 100,000 PSN accounts earlier this month, Sony got ahead of the crisis by reporting it quickly and in detail, minimizing further damage to its reputation.
So, if this is such a great idea, why isn't everyone doing it? Most organizations are focused on generating revenues, not on the bad things that might happen to them, says Budd. Crisis response can be expensive, and many companies simply lack the expertise.
"When people get in trouble, a lot of them automatically start acting like five-year-olds," he adds. "Their first response is to cover it up. It takes a certain amount of courage to go out on stage in front of a hostile audience and say, 'Here's the bad thing that's going on now.' It's easier to adopt a bunker mentality."
Essential IT Project No. 5: Gain control over social mediaLike iPads and iPhones, Facebook, Twitter, and their ilk are finding their way into the workplace whether IT officially endorses them or not. Organizations that aren't steering the social media bus are likely to end up with tire tracks on their backs -- and, worse, a real security nightmare on their hands.
"If you do not provide the means for business users to access social media, they will go around you," says Justin Kwong, senior director of IT operations and security at 24 Hour Fitness. "That's a worst-case scenario for a security professional, because instead of having some mitigated risk, you're fully exposed."
The project you want to own is bringing social media into the workplace in a way that benefits the enterprise without leaving it exposed to internal leaks, external threats, or embarrassment, says Meikle.
That means helping to create social media policies that define acceptable and unacceptable behavior on social networks, as well as the kinds of information that should never be shared. But even that won't work without first obtaining buy-in from top management.
"Effective policies for how to use social media must be governed and supported by senior management," says Meikle. "This will allow employees to engage customers at a far more personal level. And employees will understand the boundaries they are constrained by when these policies and tools are communicated and supported by senior management."
So, if this is such a great idea, why isn't everyone doing it? Corporations remain wary of social networks, says Meikle, in part because Web 2.0 security solutions are still relatively immature. Enterprises in heavily regulated industries like finance and health care face severe penalties for accidental data leaks, making them especially cautious.
Sign up for CIO Asia eNewsletters.