Data breaches: A new source of worry for CEOs

Published on NewsOK Modified: May 6, 2014 at 3:23 pm •  Published: May 6, 2014

NEW YORK (AP) — Add hackers to the long list of things that give CEOs insomnia.

Target's chief executive, Gregg Steinhafel, is the first boss of a major corporation to lose his job over a theft of customer data. His exit from the helm of the nation's third-largest retailer on Monday shows that — in addition to guiding company strategy and keeping Wall Street happy with ever-growing profits— today's chief executives are being held responsible for lapses in computer security.

Daniel Ives, an analyst for FBR Capital Markets, believes many CEOs will be placing calls to their chief information officers today, just to make sure their operations are as fortified as possible.

"Ultimately, it's the CIO and the IT managers that are really more in the weeds," Ives says. "But just like the head coach of a football or basketball team that doesn't make the playoffs, the CEO is ultimately responsible."

Steinhafel was in charge when hackers stole millions of consumer data records, including credit card number, names and addresses, from Target's computer system last holiday season.

To be sure, Target had been struggling with weak sales for several years and had run into problems with its Canadian expansion. But there's no denying the breach and its fallout were big factors in Steinhafel's departure, says Ronald Humphrey, a professor who studies leadership at Virginia Commonwealth University.

Humphrey believes that while a company's CEO is responsible for data security, the issue — much like worker security or environmental contamination — can sometimes get put on the backburner, because it isn't always recognized as a core part of operations.

"This is a wakeup call to CEOs that data security is something that affects their customers," Humphrey says. "If you've had your identity stolen you know it's a huge headache. I think they have to take this very seriously."

And if a breach does occur, a CEO needs to be able to show his board of directors that it didn't result from a lack of resources devoted to data security, he says.

Minneapolis-based Target Corp.'s computer systems were infiltrated by hackers who took 40 million debit and credit card numbers, along with the personal information of as many as 70 million people.

Target revealed in its fourth-quarter earnings release in February that it incurred $61 million in breach-related expenses. After the company received insurance payments, its net expenses for the hacking incident were $17 million. The company is expected to report additional charges when it releases its first-quarter results later this month.

Continue reading this story on the...