For CEOs, data breaches are expensive source of worry

In addition to guiding company strategy and keeping Wall Street happy with ever-growing profits, today’s chief executives are being held responsible for lapses in computer security.
By BREE FOWLER, Associated Press Published: May 6, 2014
Advertisement
;

Add hackers to the long list of things that give CEOs insomnia.

Target’s chief executive, Gregg Steinhafel, is the first boss of a major corporation to lose his job over a theft of customer data. His exit on Monday from the helm of the nation’s third-largest retailer shows that — in addition to guiding company strategy and keeping Wall Street happy with ever-growing profits — today’s chief executives are being held responsible for lapses in computer security.

Daniel Ives, an analyst for FBR Capital Markets, believes many CEOs will be placing calls to their chief information officers today, just to make sure their operations are as fortified as possible.

“Ultimately, it’s the CIO and the IT managers that are really more in the weeds,” Ives said. “But just like the head coach of a football or basketball team that doesn’t make the playoffs, the CEO is ultimately responsible.”

Steinhafel was in charge when hackers stole millions of consumer data records, including credit card numbers, names and addresses, from Target’s computer system last holiday season.

Target had been struggling with weak sales for several years and had run into problems with its Canadian expansion. But the breach and its fallout were big factors in Steinhafel’s departure, said Ronald Humphrey, a professor who studies leadership at Virginia Commonwealth University.

Humphrey believes that while a company’s CEO is responsible for data security, the issue can sometimes get put on the backburner, because it isn’t always recognized as a core part of operations.

“This is a wakeup call to CEOs that data security is something that affects their customers,” Humphrey said.

And if a breach does occur, a CEO needs to be able to show his board of directors that it didn’t result from a lack of resources devoted to data security, he said.

Continue reading this story on the...