Restoring Faith in the NASDAQ

Feb 8th, 2011 | By | Category: Featured Articles

restoring faith in the nasdaq, Nasdaq PR, crisis communications, Nasdaq security breachThe communications personnel that work for NASDAQ OMX, a New York-based public company that owns and operates the NASDAQ, must have been scrambling on Saturday. The Wall Street Journal revealed over the weekend that the company had discovered that hackers had infiltrated the computer systems of NASDAQ OMX. The part of the system that handles trades, however, was not affected by the breach. Only a web-based dashboard application called Directors Desk was infiltrated. This application is used by about 300 (according to some reports) corporate executives/directors to share confidential documents and information.

The media frenzy that has resulted in the security breach has been remarkable and expected. The NASDAQ is the biggest securities market traded electronically in the United States with over 2,800 companies listed. NASDAQ OMX also owns and operates seven other European stock exchanges. The potential repercussions of a security breach could have been enormous – impacting not only the US but several other European countries, at a time when the world is only beginning to recover from a major recession. The Company was compelled to put out a statement which stated that stock trading was not affected and that no customer data was compromised.

In the long term, the company will recover. Luckily for them, the trading system was not penetrated and exchanges and traders confirmed that they will continue business on the NASDAQ as usual. Security attacks happen all the time, across all industries, just look at WikiLeaks as a prime example. The Financial Times reported that “Breaking into an exchange’s trading system would be extremely hard… because exchanges have developed multiple layers of security to stop that happening. They involve complex software protocols and the use of algorithms that constantly, and randomly, change security codes.”

On the other hand, the NASDAQ case brings to the surface additional concerns for PR professionals. The company did not state when the breach actually occurred. One report in the Wall Street Journal (WSJ) said that the company discovered the malware in October 2010 already, and notified law enforcements. Other reports state that investigations have been going on for the past year. The U.S. Department of Justice however requested that the company refrain from notifying their customers until February 14th. Unfortunately, they were forced to “notify” their customers a little bit earlier. Only once the WSJ had revealed the story, the PR folks crafted their statement to the public. Had the WSJ not broken the story first, the Company probably would not be facing the substantial PR crisis it currently finds itself in. The Company would have notified its customers directly; the reports in the media would have been minor in comparison, and the next day, all would probably be forgotten (since, if the facts are true, not much data was affected).

Crisis communications 101 dictates that the source revealing the crisis should be the very organization experiencing the crisis. The media is never the best way to hear about bad news. In this case, NASDAQ OMX should have been the source for the security breach – not the WSJ.

In the meantime, all hope is not lost, at least for those PR folks representing trading companies. This particular crisis prompted Senator Robert Menendez (D., N.J.) to request on Monday that the Securities and Exchange Commission re-examine “what policies, if any, are in place concerning when exchanges and other trading companies are required to publicly report information on security breaches.” Let’s hope that his initiative generates results.

Living in Israel, I understand the critical importance of security and how reporting anything in the media can compromise investigations and safety. However, winning the “media battle” is just as significant and vital in swaying the opinions of your audience. There has to be a better way of informing your publics when a crisis strikes and maintaining the balance between trust and security. As Mr. Menendez said in a letter to the SEC, “NASDAQ’s public acknowledgment this weekend of a breach came only after the Wall Street Journal reported on it, despite the Department of Justice’s interest in the matter.” What a shame for NASDAQ OMX – it only had 10 days to go…

Tags: , , , ,

Leave Comment