Security Case:
Dilemmas: The major security dilemma will come from our wanting to rush to the market with our Internet site. We feel that we are prepared as a company to expand from direct and storefront sales into Internet sales. A few of us also feel that if we don’t move very quickly and decisively, we will lose our "window of opportunity".
Ken E. Sellit: We have to do this NOW! My salespeople are losing sales because we cannot support the business from an Internet perspective. This initiative would explode E-kin from a small regional company into the national marketplace. We’ve paid our technology people to research the security side of our e-commerce situation and we don’t have to be 100% sure of it. As long as we know it is secure, there is no way we would ever be 100% sure!
CIO: The reputation of our company is at stake as we look to roll out the Internet initiative. If we are not completely confident that we have airtight security on our website for purchases, we cannot jeopardize our customers. It will take at least another 4 to 6 months to thoroughly test our procedures and processes.
CEO: The Internet expansion opportunity we are presented with could have a major impact on our company. If we are to put ourselves in a position to raise venture capital, expand our company and look to go public, we have to not only increase our local market share, but also open up new markets. Internet capabilities will propel us into new geographic regions, increasing volumes and profits. I do not however, want to compromise our corporate standards. We have built this company on quality products and high levels of service. I do not want to see all the years we’ve spent building a solid reputation dashed by a few errors in security via Internet sales. How much revenue are we talking about?
Ken: It could double our current revenue from where it is today within just six months, but after that it the possibilities are limitless in terms of volumes and profit!
CEO: And if we don’t roll this web site out today?
Ken: We will lose all the possible sales and most of our current customers to the competition that has just come out with their own website.
CIO: We would be making a big mistake by rolling this service out so soon! We’re not ready. At this point in time we are not comfortable with the security measures of this site. There are too many hackers out there that could expose our weak defense.
CEO: What’s the worst thing that could happen if we rolled it before we were 100% ready in terms of security?
Ken: We’d make a financial killing!
CIO: We’d be the ones getting killed. First and foremost our credit card firewall is so weak that professional hackers would easily be able to hack in and steal that information. You wouldn’t want the negative publicity that goes along with that, would you? It could cause people not to trust us long term and our sales could plummet. How are you going to spin that when it happens Ken?
Ken: Your just pulling this scare tactic so that you won’t look bad in case something does happen. Covering your backside isn’t the way we intended to run this company! If we want to grow we have to seize this opportunity now! If we’re second or third, we may as well stay a brick and mortar, small time shop that nobody knows or cares about.
CEO: How long until you feel secure about our system CIO?
CIO: To be 100%, it could take about 6 months.
Ken: That would destroy any hopes of growing this company to where we want to be. Six months is an eternity in cyberspace. We need to take a leap and try to catch up in the mean time. It’s risky, but everything has some risk involved in it. This great opportunity is worth the small amount of risk associated with it.
CEO: Let me think about what you’ve said and I’ll have my answer to you by tomorrow.
Questions for E-commerce E-kin Security Case
Question 1. If you were the CEO of E-kin would you seize the opportunity presented by a new website or hold back until you felt more comfortable with the security of the site? Why?
Question 2. Elaborate on why you believe this is a business question, ethical question, or a combination of the two.
Question 3. Is there a financial threshold at which it makes sense to take some risk on web site security in this case? How would you determine the threshold? Explain your answer.
Question 4. Whose responsibility is it to ensure that proper website security exists, the consumer or the business? Why?
Question 5. Is Ken E. Sellit acting in an unethical manner in this situation? Why or why not?
Question 6. Should government regulate website security? If not, who should?
Question 7. What is the relationship between security and ethics in e-commerce?