Negotiations for the sale of the company, one of the largest technology companies in the world, are on-going. The negotiations have been promising, and a sale is likely to be secured in the next two months. A meeting with the chief information security officer, however, has revealed that the company has suffered a cyber-attack. The attackers have breached the company’s firewalls and months of investigations will be necessary for establishing the effects of the attack. The hackers could have obtained information on customers’ accounts such as customers’ email addresses, passwords, contact information, and dates of birth. The chief information officer is concerned that the company should delay the announcement of the security breach until after the confirmation of the sales agreement. A possible negative effect, of announcing the breach on the selling price of the company is the underlying rationale of the chief information officer. Even though the failure to disclose the security breach may ensure a desirable selling price for the company, it also has possible negative outcomes such as losses on the buyer and invalidation of the achieved sales. A decision is necessary on whether or not to agree to the request for a delayed announcement of the breach. A deviation from the advice of the chief information security officer, based on the moral rights, is adopted to the effect of announcing the breach, and the rationale is discussed.
The decision is to deviate from the recommendation of the chief information security officer and announce the security breach that the company has suffered based on the moral rights model. The moral rights rule, one of the applicable rules for guiding ethical decisions, focuses on the basic rights and liberties of people that decision makers should respect (Jones, George, Barrett, & Honig 2016; Ramirez 2013). The right to free consent (Hammaker, Knadig, & Tomlinson 2016, 13) and the right to be free from injuries are some of the rights that have been linked to the moral rule model to decision making. These rights result in such responsibilities as the responsibility to ensure the safety of all individuals in an environment and the responsibility not to interfere with the lives of other people. Moral rights are further defined as universal rights that include but are not limited to, legal and civil rights (Birsch 2013, 128). The concept of moral rights as claim rights explains the scope of the moral rights model of ethical decision-making, and the rights and responsibilities that can be associated with it (Birsch 2013, 129). The underlying assumption of the concept of moral rights as claim rights is the assumption of the existence of rules and principles that create universally acknowledged claims that people can make against others (Birsch 2013, 129). In addition, the claim rights concept identifies the role of value of people’s interest, which should be sufficient to create the sense of the need for an obligation among others. Privacy, liberty, and security are examples of rights that have been considered as moral rights (Birsch 2013, 129). The effects of moral rights, therefore and based on the perspective that Andrson and Tompkins (2015, 121), is the protection of the surrounding people from harm. Moral consciousness, into recognition of moral rights and responsibilities, informs moral judgments that then define moral intentions (Culiberg & Bajde 2013, 454, 455). The application of moral rights in decision making, for example, protect people’s resources from risks of abuse.
The case identifies rights of stakeholders that the moral rights model associates with the responsibilities of the company and its top management into the need for a disclosure of the cyber-attack. The potential buyer is one of the stakeholders and the company, through the manager’s decision, needs to protect it rights to information and safety. One of the rights that the prospective buyer has, under the moral rights model, is the right to free consent (Ramirez 2013, 127). The right, in turn, establishes the company’s moral responsibility to ensure accessibility of information that can guarantee free consent of the buyer. The right to free consent further relates to the right to be free from injuries that the moral rights model also establishes (Ramirez 2013, 127). A failure by the company to reveal information on the hacking exposes the potential buyer to the risk of future harm. Knowledge of the cyber-attack is also likely to affect customers’ perception of the company and even lead to a fall in the customer base. The outcome can then have negative effects on the profitability of the company to the harm of the buyer. The likely effect of the attack on the perception of customers and profitability of the company is consistent with the fear of the chief information security officer and puts the company at the dilemma of suffering the possible negative effects or transferring them to the potential buyer. The transfer can have negative effects on the life of the buyer, through financial losses, and this is contrary to the responsibility of protecting people from harm that the model requires.
The customers of the company define another group of stakeholders whose moral rights have informed the decision to announce the cyber-attack, based on the moral rights model. Emails and passwords are some of the forms of information that the hacker could have accessed, and these are important factors to the safety of the customers and their property. A failure to inform the customer of the possible risks to their security and the security of their property is an act of omission into compromising the safety of the customers and identifies the need for the announcement. The announcement is likely to help the customers assume safety measures that include changing their email addresses and passwords for accessing services from the company. Accompanying the announcement with information on the plans for preventing or managing the possible risks due to the hacking can also safeguard the company’s interest while protecting the rights of the customers. Perceiving the two groups of stakeholders as individuals around the company and taking care of their moral rights in the decision identifies the need for a moral approach to the dilemma (Andrson & Tompkins, 2015, 121). Even though the rights model approach focuses more on the interest of stakeholders than that of the company, it also promises positive outcomes of the announcement on the company, before and after the intended sale. The announcement can convey the honesty of the company to its stakeholders, and the resultant positive corporate image can improve stakeholder loyalty and satisfaction (Liat, Mansori, & Huei 2014, 320). A strategic approach to the announcement of the attack, with a focus on protecting stakeholder interest under the moral rights model, therefore, can also benefit the company in the negotiation process.
Other models of ethical decision-making exist, but their scopes do not offer optimal solutions to the problem. The Utilitarian rule that focuses on outcomes and justifies decisions with the maximum benefits for the majority of stakeholders is an example of the alternative models (Jones, George, Barrett, & Honig 2016, 130). A consideration of possible benefits and harm to each category of stakeholder, under the utilitarian rule, is necessary without regard to the rights of the stakeholders. Realizing a benefit to a majority of stakeholders disadvantages some groups and can be detrimental, especially if the disadvantages undermine moral values. A resultant negative image, due to undermined values can then translates to the negative effects of a negative corporate image and harm the stakeholders (Liat, Mansori, & Huei 2014, 320) that initially benefited from the made decision. The justice rule, like the utilitarian rule, focuses on the effects of decisions, which may fail to capture all effects (Jones, George, Barrett, & Honig 2016; Gaynor 2015, 254). It requires a manager to distribute, equitably, positive and negative consequences of a decision to involved stakeholders, though it does not define the principles upon which the desired fairness can be derived. Possible bias and lack of knowledge of guiding principles of fairness, therefore, can undermine equitable distribution of harms and benefits under the model into dissatisfaction among some groups of stakeholders. The practical rule that focuses on the consistency between the attitudes of the decision maker and the external stakeholders (Jones, George, Barrett, & Honig 2016) is also susceptible to controversies that could arise from selfish desires of individuals. The controversies can be detrimental to the company’s image and perceived value.
A dilemma on whether or not to announce a cyber-attack on the company exists and the moral rule model has been used to inform the decision. The model, unlike other models of ethical decision-making, defines the fundamental principles from which a decision can be made. It protects the interests of involved stakeholders, and even though the focus could threaten the interests of the company, it is likely to create a positive corporate image of the company. A decision to announce the attack, therefore, has been made and its protection of the interests of the company’s customers and the potential buyer promises a positive corporate image that can improve the perceived value of the company among the stakeholders. The announcement, therefore, could persuade the buyer to invest in the company of integrity or promote customer loyalty for a greater future value.
- Andrson, Kenneth and Paula Tompkins. 2015. Practicing communication ethics: Development, discernment, and decision-making. London: Routledge.
- Birsch, Douglas. 2013. Introduction to ethical theories: A procedural approach. Long Groove: Waveland Press.
- Culiberg, Barbara and Domen Bajde. 2013. “Consumer recycling: An ethical decision-making process.” The Journal of Consumer Behavior 12(6): 449-459.
- Gaynor, Gerald. 2015. Decisions: Finding your way through the maze. Hoboken: John Wiley & Sons.
- Hammaker, Donna, Thomas Knadig, and Sarah Tomlinson. 2016. Health care ethics and the law. Burlington: Jones & Bartlett Publishers.
- Jones, Gareth, Jennifer George, Marry Barrett, and Beverly Honig. 2016. Contemporary management. London: McGraw-Hill Education.
- Liat, Cheng, Shaheen Mansori, and Cham Huei. 2014. “The associations between service quality, corporate image, customer satisfaction, and loyalty: Evidence from the Malaysian hotel industry.” The Journal of Hospitality Marketing & Management 23(3): 314-326.
- Ramirez, Consuelo. 2013. Teams: A contemporary based approach. London: Routledge.