The ripple effect continues to haunt Target: It’s expected that seven of its board of directors members may be replaced because they failed to provide effective oversight into the corporation’s data-protection risks. Boards simply need to be more proactive in safeguarding their companies against data breaches.
Institutional Shareholder Services (ISS) prepared a report on the Target data breach and aftermath. The report states that Target’s board members should have been kept in the loop pertaining to protection of sensitive information and what a breach could mean to brand reputation and customer loyalty.
“The company acknowledged the need for more stringent internal capabilities to identify potential risks with less reliance on external reports which suggested the systems were robust enough,” the report says.
The report concludes that Target failed to prepare for keeping up with today’s cyber threat technology, and that this failure comes from the audit and the corporate responsibility committees.
ISS says that these committees are responsible for being in charge of risk assessment and management. This includes the risk of fraud. The inadequate oversight in these areas paved the way to the disastrous data breach.
The ISS report should be a wakeup call to board members of all businesses. Board members need to realize the importance of directing more time, energy and money toward improving security programs.
Though the dismissal of seven of Target’s total of 10 board members may seem radical, it also has a fair degree of rationale because it sends the message that boards and senior executives need to be held accountable for their company’s cyber security.
Boards need to be practically fused with their organization’s IT experts and executive team so that they have an intimate knowledge of the steps a company is taking to protect customer information—even if none of the board members are security experts. The ramifications from poor handling of a data security incident are now things that even board members must be aware of and work to prevent.
Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Data Breaches Equal Job Loss
Is it coincidence that Beth Jacob CIO resigned from her job as chief information officer of Target Corporation? Or could this possibly be connected to the data breach that slammed Target in December of 2013, affecting as many as 70 million customers? Being a CIO is no easy task, especially when you have thousands of
- Risk Reduction: #1 Concern of Bank Boards
The Bank Director’s 2014 Risk Practices Survey reveals some very interesting information about the risk management programs that bank boards have in place. It’s classically challenging for many banks to assess how risk management practices affect the institution. However, banks that have worked at measuring the impact of a risk management program report favorable outcomes on
- SEC comes down on Breached Companies
If you’re wondering if businesses, who’ve been targets of cybercrime, have been properly handling the fallout, you have company: The U.S. Securities and Exchange Commission. The SEC is investigating this very issue. Key Questions Include: Did the businesses adequately protect data? Were investors properly notified about the breach’s impact? One of the companies being investigated is Target Corp. The SEC,
- Data Breach Response Planning 101
Don’t think in terms of “if” you’ll suffer a data breach, but rather, “when.” Once you establish this mindset, it’s time for you to develop a response plan. After all, a security system that’s impenetrable has yet to be invented. What’s even more, an amazing number of businesses don’t even have the best security system available.
- Hacking 2015 and Beyond
2015 brings us no closer to putting the lid on hackers as any other year has. The crime of Criminal hacking will prove to be as big as ever in the new year. Here’s what we have to look forward too: Bank Card Breaches There will always be the bank card thieves, being that stealing data