(Up to: Altruism )

Microsoft UK site hacked. Again.

Strikes me that there are two polar possibilities regarding the effect of shareholders having a stake in a public company, and them expecting return on their investment as a motivation for a company's attitudes.

In the case of companies being cracked, we have to take into account the trust relationship between the company and its consumers, and (equally importantly) the perception of this relationship by shareholders.

Depending on how this works out, we can surmise two rather different situations regarding the attitude of a company:

1. (As is traditional) The company sees that an exploited flaw is a weakness in their own credibility, which would cause shares to dip, and so they keep hush on either a) the fact that it happened, or b) how it happened.
2. The shareholders realise that the best way of doing business is by cashing in on trust between the consumer and the company. (People would rather spend more money if they know they can trust who they're buying from, rather than less money and risk getting scammed, for instance.) Thus a good trust relationship is good for business. Therefore, by keeping hush about what happened, the company is discouraging this trust, and possibly jeopardising company value. By actually being open about it, consumers have more trust regarding the company (if not the product?), and so are more inclined to deal with them.

Of course, both are true, but I think that much depends on the way the company presents itself in the first place, i.e. what the expectations from the company are initially.

A company that rationally argues that all software (for example) has bugs, therefore their own software probably has bugs, will likely benefit more if they are open and transparent when it comes to scenarios such as the above. But also vice versa - a company that claims it has no (or perhaps just less) bugs may profit up front, and possibly when something like the above happens. In either case, the exploit has already happened though.

It may be fair to say that the latter type of company, the secretive one, deals more in "promise" value than "reality" value, i.e. "we will do this", rather than "we do this". The first is better for initial, pre-tangible-offering fundraising, I suspect, while the latter may be more beneficial in the long term.

Unfortunately, in a progressive society, promises may count more than reality. Investors deal only with the future, not the present, and their worries come about only when the present may have influence on the future, not because the present has problems.