Why a CEO losing his job could be the best thing ever for data security

Target CEO Gregg Steinhafel steps down in the wake of last year's massive data breach. Could this be the tipping point for taking security seriously?

I don't know outgoing Target CEO Gregg Steinhafel. I don't know to what extent his actions or inactions had anything to do with the huge data breach at the well-known retailer last Holiday season, or with how the company dealt with the issue. In fact, there may have been nothing he could have done to help, either before or after the breach.

Steinhafel's resignation on Monday could be due to other factors as well as the company's crippling data security problems. But this report from the Wall Street Journal suggests otherwise:

The biggest worry for some Target directors and executives was the pending conclusion of a comprehensive report on the data breach. The report is quietly being distributed this week by Verizon Enterprise Solutions, a unit of Verizon Communications Inc., the investigator hired by the retailer, to Target's banking partners and credit-card issuers and it will document in detail the company's failings in cybersecurity, according to two people familiar with the situation. While it wouldn't single out the CEO, it would put a negative mark on a tenure already marred by the stumbles in Canada and online that manifested in poor 2013 financial results.

A silver lining?

In any case, I feel for the pain and angst involved when anyone loses his job, even a highly paid CEO who's unlikely to experience any kind of material deprivation (Steinhafel's exit will reportedly be smoothed with a comforting $37.8 million exit package). But I do feel that something good, something important, could come out of this unpleasant situation.

I'm hoping that Steinhafel's departure will be viewed - especially by folks in the executive suite - as a clear and unmistakable life lesson of the bad things that can happen if your company suffers a security meltdown, whether or not it's actually your fault.

No more Teflon CEOs?

That's a really big deal. American CEOs have rarely been held accountable for even the biggest mess-ups, much less technology-related issues. Sure, Target's missteps have already cost CIO Beth Jacob her job, recently replaced with high-profile security expert Bob DeRodes, who has been a senior technology adviser for the U.S. Department of Homeland Security and the Secretary of Defense, among other roles. But dumping a CEO over an information security issue seriously ups the ante.

If other chief executives are paying attention to the end of their peer's career, there's a chance that security will finally get taken seriously in the boardroom as well as in the data center. After all, if the ousting of the CIO and CEO of a major corporation - a household name - isn't enough to get the attention of top execs, it's hard to imagine what would be.

No silver bullet

One last point, though. Even if CEOs across the nation finally get security religion, that doesn't mean we're out of the woods. Many of our biggest security issues are structural and not easily solvable by individual companies, not matter how well intentioned. But it does mean that even the toppiest of top execs can no longer claim that info security is someone else's problem. And that has got to help.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies