Q2 2021 Integrity Advocate
The Business of Cancel Culture
Cancel culture has become a polarizing topic of debate. To some, cancel culture is a way for collective action to effect change, balance power. To others, it’s a form of irrational mob rule. Whatever your stance, you know the scenario well, a public figure does or says something offensive, public backlash ensues, and he/she is then “canceled”–that is, ousted from office, endorsement deals rescinded, etc.
A recent example of celebrity cancellation involves Chrissy Teigen, supermodel, and wife of musician John Legend. She was recently called out for cyberbullying singer Courtney Stodden when Courtney was a teenager, including encouragement of suicide. When the story broke, Teigen experienced immediate backlash from fans and businesses cutting ties by pulling her “Cravings by Chrissy” cookware line from stores and nixing business deals in various capacities.
The cancel culture phenomenon isn’t reserved for public figures alone. Companies are also prime targets of criticism and backlash for wrongdoing or offensive behavior. According to a 2018 Edelman study, two-thirds of consumers worldwide will buy or boycott a brand because of its position on a social or political issue.[1] When a company is #canceled, it can ignite a public relations crisis and potentially hurt business.
Company Cancellations Quick and Painful
The fallout from being canceled is nearly immediate. According to a 2020 study of 100 corporate crises commissioned by real-time event and risk detection specialists, Dataminr, just 23 hours and 13 minutes separated the time between when a crisis event was first found and its peak in online discussions.[2] In addition to fallout happening in the blink of an eye, consequences of being canceled can be dire.
2020’s biggest brand cancellation, #CancelNetflix, is case in point. #CancelNetflix began trending on social media in response to a poster Netflix used to promote the film Cuties. Many viewed the poster and the film itself as sexualizing minors. While the lifespan of #CancelNetflix was short — it peaked at 42,426 tweets on September 10 (becoming Twitter’s top trending topic) and dropped below 500 tweets by September 18 — the effects were lasting. On Twitter, net sentiment took nearly two months to recover. A Change.org petition received more than 600,000 signatures, a Texas grand jury indicted Netflix over claims of child exploitation, and several federal lawmakers called for a Department of Justice investigation into the company.[3]
There were also major business implications. While other factors were likely at play, the stock price dropped more than 7% during #CancelNetflix and took almost a month to recover. People took action when Netflix cancellations increased 800% following the film’s Netflix debut, and total new subscribers were 1.2 million short of Wall Street expectations that quarter. In fact, that was the lowest number of quarterly new subscribers over the prior four years.[4]
How do Companies Avoid Being Canceled?
There is no definitive way to avoid being canceled because there are no rules to cancel culture. But, nearly three-quarters (73%) of Americans say they are less likely to cancel a company if it is purpose- driven.[5] So, the best thing a company can do is set core values and stick to them.
MPC does just that. Our Code of Business Conduct provides our core values–safety & environmental stewardship, integrity, respect, inclusion, collaboration.
These core values articulate our collective beliefs, guide our behaviors, and provide a framework for how we treat each other and how we conduct our business. The Code further defines expectations for ethical decision making, accountability, and responsibility for every employee at all levels of MPC, suppliers, consultants, and contract workers.
We ask that you read the Code carefully and remain diligent in your behavior, speaking and acting in ways that are consistent with our values and fulfill the obligations of our Code. This is our best defense against being #canceled.
[1] Edelman. Two-Thirds of Consumers Worldwide Now Buy on Beliefs. Retrieved May 20, 2021, from https://www.edelman.com/news-awards/two-thirds-consumers-worldwide-now-buy-beliefs#:~:text=Nearly%20two%2Dthirds%20(64%20percent,13%20points%20from%20last%20year [2] B. Howarth (2021, April 29). Managing brand reputation in the midst of cancel culture. CMO. https://www.cmo.com.au/article/688026/managing-brand-reputation-midst-cancel-culture/ [3] T. Lindell & S. Hendricks (2021, March 10). 4 Things 2020 Taught Us About Cancel Culture (And What to Do About It). Adweek. https://www.collemcvoy.com/news/pov/4-things-2020-taught-us-about-cancel-culture-and-what-to-do-about-it [4] T. Lindell & S. Hendricks (2021, March 10). 4 Things 2020 Taught Us About Cancel Culture (And What to Do About It). Adweek. https://www.collemcvoy.com/news/pov/4-things-2020-taught-us-about-cancel-culture-and-what-to-do-about-it [5] Porter Novelli. Business of Cancel Culture Study. Retrieved May 20, 2021, from https://www.porternovelli.com/wp-content/uploads/2021/01/990512-000_PN_CancelCultureReport_V5.pdf
Ransomware Growing Threat with New Target
Ransomware attacks are nothing new. They’ve been around since the first attack–the AIDS Trojan– in 1989. Since then, ransomware attacks have increased exponentially. According to Acting Deputy Attorney General John Carlin in a recent interview with the Wall Street Journal, by any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events.
Maybe more alarming than the proliferation of ransomware attacks is their disturbing new target, critical physical infrastructure. During the first half of 2021 alone we’ve seen attacks on a major gas pipeline, one of the world’s top meat producers, a Florida city’s water supply, a ferry operator in Martha’s Vineyard, Cape Cod and Nantucket, and dozens of government agencies.
Attacks on critical physical infrastructure such as these can be devastating on people’s lives. The attack on the Colonial Pipeline (Colonial) is a prime example. It led to the pipeline being shutdown for several days, crippling the East Coast with localized fuel shortages, panic buying and a spike in gas prices. The effects were so impactful Colonial decided to pay the hackers nearly $5 million to regain access to their system.
DOJ Prioritizes Ransomware Threat
In the wake of the Colonial hack and escalating harm caused by cyber criminals, the U.S. Department of Justice (DOJ) is elevating investigations of ransomware attacks to a similar priority as terrorism.
DOJ Deputy Attorney General, Lisa Monaco, signaled such in a June 3, 2021, memo to federal prosecutors directing them to more closely track ransomware and share information about ransomware investigations in the field with a newly created Ransomware and Digital Extortion Task Force.
In the memo, Monaco refers to ransomware attacks such as that perpetrated against Colonial as underscoring the growing threat that ransomware and digital extortion pose to the U.S., and the “destructive and devastating consequences” ransomware attacks can have on critical infrastructure. “We must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow these threats to persist,” Monaco wrote.
On June 7, 2021, the DOJ announced the new Ransomware and Digital Extortion Task Force’s first victory. According to the DOJ, the task force recovered more than $2 million paid by Colonial in ransom. “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge,” Deputy Attorney General Lisa Monaco said, when announcing the recovery. “But the old adage, follow the money still applies. Today we turned the tables on DarkSide,” she said.
Having obtained a warrant granted by a federal judge in the Northern District of California, the FBI on Monday seized proceeds from a digital “wallet” that held the ransom collected by the hackers, FBI Deputy Director Paul Abbate said. The ransom was paid in bitcoin, a form of cryptocurrency.[1]
MPC Cybersecurity Risk & Mitigation
MPC is the nation’s largest independent petroleum product refining, marketing, and midstream business, making our company and its assets prime ransomware targets.
All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.
–Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology
MPC’s Cybersecurity program protects against cyberattacks. Included in the program are robust policies and standards to protect our computer systems, data, assets, infrastructure and computing environments from cybersecurity threats, and to ensure continued confidentiality, integrity, and availability. In addition, incident response procedures and business continuity plans are in place and tested annually. To ensure preparedness, we conduct risk assessments, vulnerability analyses and targeted penetration testing throughout the year. We also use independent third parties to audit, assess and test aspects of our cybersecurity program.
MPC Employees Must Remain Vigilant
We all need to do our part to protect our business. It is everyone’s responsibility to understand how his or her behavior impacts the security of the company, including computer security.
Refresh your knowledge and understanding by reviewing Policy #6004 which outlines computer security responsibilities.
Also, because ransomware attacks are often carried out through phishing emails, we ask you to review these Phishing Program – Frequently Asked Questions.
If you have questions or experience any problems related to computer security, please contact the MPC Service Desk at 800-556-2444, or by email at [email protected].
[1] Nakashima, E. (2021, June 7). Feds recover more than $2 million in ransomware payments from Colonial Pipeline hackers. The Washington Post. https://www.washingtonpost.com/business/2021/06/07/colonial-pipeline-ransomware-payment-recovered/
It Happened Here
The following scenarios happened with employees at our company. Situations and descriptions have been edited to maintain anonymity and confidentiality.
Click arrows below to view the company response to the concern.
The Concern: Employee was seen yelling at and making physical contact with co-worker during shift.
The Response:
Investigation confirmed employee’s verbal and physical mistreatment of co-worker. Employee no longer works for the company.
The Concern:
Employee reported that their supervisor was sharing personal information about them with a member of the employee’s family.
The Response:
Investigation confirmed that the supervisor had in fact shared personal information regarding the employee. The supervisor was counseled on the matter and agreed not to share employee’s personal information in the future.
The Concern:
Employee was approached about a potential personal opportunity to serve as a member on a board of directors for another company. The employee reached out to HR to see if this would be a conflict of interest. HR engaged BI&C to review the opportunity and Policy #2006 - Conflicts of Interest.
The Response:
Upon BI&C’s review, it was determined the other company’s operations are comparable to a business in which MPC has an interest. Employee was advised of the conflict of interest and declined the offer. By seeking advice in advance, a potential conflict was avoided. This is a great example of integrity in action here at MPC.
Be an Integrity Advocate
Being an advocate is about speaking up not only about what may be wrong, but also about what is going right. Examples of ethical conduct should be highlighted and celebrated!
We invite you to help expand the scope of “It Happened Here” to include more positive stories of integrity in action in future issues of the Integrity Advocate by submitting instances of integrity in action to Business Integrity and Compliance, Room M01004 Findlay Campus or [email protected].