$162-Plus Million Target Data Breach and What it Means for All Companies
On February 25, 2015, Target announced that it has booked $162 million in expenses between 2013 and 2014 related to its data breach, which affected some 70 million customers. This number does not include whatever the company may incur as a result of class action lawsuits filed as a result of the Target data breach. In January, a federal judge gave plaintiffs permission to proceed with their class action case against the company. These figures also certainly don’t include wider damage to its reputation with customers; nor does it include the ramifications for CEOs and other executives.
Data security issues and threats have been relegated to the IT department in the past. However, as we have seen from the data breaches at companies like Target, Anthem, and Sony, they have such direct consequences on consumers, the businesses’ bottom line, and the careers of executives that it is changing the conversation around how seriously companies take data security. At Target, CEO Gregg Steinhafel and other executives stepped down in July 2014. Sony Pictures co-chairman Amy Pascal also stepped down after the company’s major data breach.
It has moved from being solely an IT issue to one that reaches the highest executive levels of the company. Preventing advanced data attacks is no longer just a technology issue, it’s a business issue that requires involvement from the top management of an organization.
Chandra Rangan, vice president of product marketing at Symantec, the Mountain View-based company focused on making security and storage software, in Silicon Valley Business Journal article said: “No more can cyber security be relegated to IT. CEOs should be asking themselves, ‘Am I spending at least one hour every month understanding the security posture for my company? And what would I do if a breach happened today?'”
The aftermath of a data breach is felt at all levels of an organization – from the top management down to the customers who may be affected by the breach. Therefore, it stands to reason that data breach prevention should be elevated to a strategic business issue, not just an IT issue. Companies and their executives need to take a complete risk management approach to help prevent a potential data breach, in addition to developing breach response plan in order to protect market value, customers’ trust, and executives’ careers, and prevent the negative financial and legal ramifications.