Skip to Main Content
May 05, 2014

Target CEO Resigns - Impact of a large data breach

Written by David Kennedy
Just announced today was the resignation of Target's CEO Gregg Steinhafel (TGT currently down -3.15% today) who was most notably the point person on communication for the massive breach of millions of credit cards. Target's Chief Financial Officer John Milligan will step in as interim CEO in the meantime (source: Wall Street Journal). What is particularly interesting from an Information Security (INFOSEC) standpoint is how far the data breach extended to upper leadership on the executive level. The Target breach for many was a major inconvenience however the breach did have a monumental impact on the brand and in turn sales. We saw almost immediately the Chief Information Officer (CIO) Beth Jacobs stepped down in early March however it is unusual for upper executives. Especially the CEO to be heavily impacted due to a data breach. This is largely a wakeup call that during a breach, a review of how things are handled before, during, and after will almost always occur. It's never been important for complete security integration into the business and something that needs to be apart of a companies daily operational driver. The impact a large scale data breach like target can have on any company has long lasting effects. This precedence with Target should be a wake up call for executives inside any size organization and the resonating effect something like this can have. As an industry we need to communicate the risk and importance of not focusing on high-risk issues and remediating them as quick as possible. Having worked for large Fortune 1000 companies, if we do not communicate the business impact of not addressing certain areas of risk - we have failed. INFOSEC is in a unique position right now to move in the right direction and focus on building a program thats effective and one that focuses on stopping large scale attacks. The tips from this is we need to be in front of the business communicating what risks we have, what we need to do to address them, and in the event the business decides not to - it's their choice and will take a large share of the liability when an incident occurs.