Please help me answer the questions from this case study:

Dish Network (henceforth Dish) experienced a ransomware attack on February 23rd , 2023 that led to an almost 50% decline in firm value by May. A series of events would follow the critical incident, where Dish first notified the US Securities and Exchange Commission (SEC) four days later. Yet, Dish waited almost three months to directly notify customers a breach exposed their personal information.

Timeline of Events and Stakeholders Summary of events following the Dish ransomware attack (2023). February 23rd: Outages from ransomware attack; stock closes at $13.76

February 26th: Outage prohibits some employees from returning to work

February 27th: Dish reports outage to SEC; stock declines by 6%

March 15th: Dish remains silent; stock declines by 29.2%

~May 22nd: Dish begins notifying customers; stock declines by 49.3%

According to Clark, in an ironic twist, the outage started around the time that Dish was set to release its earning for Q4 and fiscal year 2022 leaving shareholders on the February 23rd earnings call unable to access Dishs financials online. Annual results were impressive, with Dishs net income improving from $552 to $936 million compared to 2021. On the call Dish CEO Carlson shared Were analyzing the root causes and any consequences of the outage, while we work to restore the affected systems as quickly as possible. Dishs stock closed bullishly at $13.76 on February 23rd, demonstrating continued confidence among investors.

Three days after the outage occurred, many employees were unable to return to work because, like customers, they could not access Dishs systems, phone and online. With news of the internal outage lingering, by the end of February 27th , 2023 the stock price had declined by over 6%. The same day, the firm reported to the SEC that internal outages were the result of a ransomware attack with customer data likely extracted. Bank of America took notice, issuing a double-downgrade to Dishs stock and predicting that shares could bottom-out around 20% down. On February 27th , a company spokesperson made an announcement that the internal outage was a ransomware attack and that certain data was extracted. Notably, this announcement did not come from CEO Carlson or another member of the leadership team.

Outages impacted customer service telephone lines and online systems, leaving customers unable to pay their bills, cancel their accounts, access HD channels, and link to their Dish account to stream online. Sling TV (an online streaming service) and Boost Mobile (a pay-as-you go cellular phone service) were among the other Dish brands impacted. Customers flooded Downdector (2023) to: (1) report network outages and (2) express their disappointment and disillusionment with Dish. Hundreds of comments from throughout the United States like those from Lorraine and Ladybug91 flooded the forum:

Lorraine (March 2023): I cannot even get on the web site in my area. What is going on? Is anything being done? Complaints answered?

Ladybug91 (March 2023, responding to Lorraine): Doesnt seem to be any[sic] who cares. Ok, dont pay your bill since youre not getting service. What will they do, cut off your service? Havent they already done that and they dont seem to be working on getting services restored anytime soon. Infuriating!

As of March 15th , the ransomware outages persisted, yet Dishs CEO and spokesperson remained silent. Likewise, the stock remained on a downward trajectory, ending the day at $9.88 a share, a 29.2% decline from the day the breach occurred. Customer service eventually regained access to Dishs systems (e.g., phone service), which was of little consolation to customers who reported wait times of over 14 hours. After roughly three months, Dish finally contacted the roughly 300,000 impacted customers via letter: We have since determined that the extracted data includes some of your personal information. We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted. Nevertheless, we are writing to notify you of this incident and to provide you with the information and resources contained in this letter, including the details of an offer for free credit monitoring through our vendor TransUnion.

Throughout the events that followed the ransomware attack, Dishs CEO and spokesperson left customers in the dark citing security concerns. By the time Dish confirmed the breach to customers, investors had joined customers to observably demonstrate displeasure with Dish (i.e., the stock slid by 49.3% on May 22nd). The (in)actions of CEO Carlson and others at Dish (e.g., customer service, spokesperson) left customers and investors disillusioned, raising serious concerns about Dishs role in exposing stakeholders to multiple risks (e.g., data breach, stock decline). It was obvious that Dish would need to take drastic action to rebuild trust among the stakeholders and turn the company around.

QUESTIONS:

Question 1: Do you think it is ethical that Dish Network initially labelled the ransomware attack an internal outage? Why or why not?

Question 2: What are two feasible corporate-level strategies that Dish Network should undertake? Why?