They say you can take the risk manager out of risk management, but you can’t ever take risk management out of the risk manager… Actually, no one says that, but it is true.
My early Christmas gift was a stadia membership and controller as part of the Cyberpunk 2077 launch. In watching the storm of activity around the launch, subsequent fallout and various attempts to address the issues, I could not help but consider the failure of the risk management process at the developer and think through some learnings.
The core issue, is that the game was launched on both PC/streaming platforms as well as console platforms at the same time (including current and previous gen platforms). The game turns out to be buggy across multiple platforms but borderline unplayable on previous gen platforms which is a significant portion of the user base (the new PS5s and Xbox platforms are experiencing availability issues).
Here are some thoughts/lessons learned:
- Your reputation is your greatest asset : CD Projekt Red (CDPR), the publisher of Cyberpunk 2077 enjoyed an enviable reputation as a maker of high quality and unique games thanks to the Witcher series. They traded on this reputation to push out Cyberpunk 2077 in early December (despite significant delays). However, as a result of the issues and mismanagement of the fallout, they are likely to have diminished the dollar value of the brand. As a business, we trade on our reputations all the time, in building partnerships, in dealing with unexpected issues etc. The tarnished reputation is not simply an investor concern, but it has a real impact on how the company conducts business and the value they can extract from some of those relationships. Businesses often give this the lowest priority when it comes to defensive scenarios (choosing to protect profits first), but reputational risk should be one of the highest priorities given the potential brand impact.
- Communication is critical : CDPR management notes that they were not aware of the materiality of the gameplay issue on previous gen consoles despite those consoles representing the largest proportion of players. Even if we ever so generously take this at face value (spoiler alert : very unlikely), it represents a colossal failure in risk identification and communication. Whether horizontal (cross team communication) or vertical (front line to management), open communication is critical to be able to size the risk and to mitigate the risk. If you discourage these forms of communication (i.e. staff afraid to communicate bad news to management or silo-ed teams), you set up a possibility for a very public and humiliating failure.
- Crisis management has to be careful and considered : In the wake of the debacle, CDPR management went out and quickly communicated that gamers of previous gen consoles who were unhappy with the gameplay could return the games (first to the outlet it was purchased at, but if that was not possible, directly from CDPR). The post was vaguely worded as to the exact refund terms, which should have been a warning. It turns out this “policy” was completely bogus, as the company quickly walked that back (probably due to investor pressure) to put the onus on retailers with respect of the refund policy. We now hear that whereas Sony initially honored returns, following the publication of this statement, they have stopped issuing refunds and are pointing customers back to CDPR. It is not yet clear if any refunds will be issued direct from CDPR. This made a bad situation worse. Crisis management has the potential to protect your brand in difficult times and even improve the brand perception overall, but bad crisis management can sink your burning ship quickly. I recall many years ago, where I was covering a Business Continuity role, we had multiple earthquakes occur in the country. Because of a robustly executed plan (credit goes to our Ops team), we were able to continue operation from alternate facilities and continue to process critical payments and trade transactions. This resulted in net new business, as customers acted as our promoters and our ability to continue operations made us stand out in a good way. Be careful in your crisis response, but act in a timely and coordinated fashion. This is only possible if you have a plan and coordinate with your service providers.
- Don’t burn your bridges (also, trust but verify) : In the wake of the botched release, questions were asked about how this release could have gotten past the gatekeepers (in this case, the console makers and their review process). It turns out that CDPR was given some leeway. Often issues will be identified in the early stages of submissions and review, but the console makers will allow an established company to continue, with the assurance that bugs will be patched before general release. In short, the console makers trust that gaming companies will fix errors, and therefore do not hold up the release timelines to verify that every bug is fixed. This trust system completely failed, and in exposing how this process works, CDPR has created concern among other stakeholders and will likely cause tightening of this review process for all participants. This will add to the release timelines of all game releases in the future. In all cases, trust but verify – both Microsoft and Sony’s reputations have also taken a hit (albeit smaller in comparison). Additionally, CDPR throwing the retailers under the bus means that future releases will face significantly higher hurdles from all retailers, as no one wants to deal with unhappy customers or laborious return policies. I suspect Best Buy has a few negative reviews on their “service” through no fault of their own! Finally, more than a few reviewers have been harangued for not testing on previous gen consoles. Don’t burn your bridges, because you will need to cross them again.
This has been an instructive event, for all ecosystem players. This could have been mitigated simply by releasing the PC/streaming/current gen versions first and holding back the prev gen console release till the major bugs were addressed. I suspect CDPR will get through this as will Microsoft and Sony. I expect that just like big scandals in banking or other industries, this incident will lead to more robust controls being put in place across the industry, particularly around QA and testing.
One additional interesting lesson is Google Stadia – they took advantage of this issue (since the gameplay is reasonable on Stadia), to grow their customer base. Given how critical it is to Stadia, I’d bet someone at Google tested the game inside out before launch, leading to a total win for them. In every industry event, the participants that planned and anticipated well come out looking like rock stars.
So, where does this lead us? Value your risk managers, they may one day save your hide. Risk Management practices like risk assessments, risk mitigation plans may seem like a pain especially to front line staff, but without those best practices and discipline, you are exposing your organization to potentially catastrophic events.
Happy gaming!
Update (December 18) : Right after this article was published, Sony indicated that they are pulling the game from the Playstation store and refunding all customers who request a refund. This is (as far as I am aware) an unprecedented step for Sony, and it demonstrates how impactful this event has been for all stakeholders.