Watch Your Data Security, It's A Target

Published: 2014 May 5 by Avi Deitcher

A decade ago, it would have been hard to imagine. In 2014, it is hard to imagine not.

A CEO, serving in his post for a successful 6 years and as a company loyalist for 35 years, has been forced out due to a data security breach. At the same time, data security analysts have become kingmakers and kingbreakers.

Gregg Steinhafel, CEO of Target, who oversaw a 14% increase in revenue in the last 5 years and a 17% increase in profit, has been forced out because of the massive data breach that occurred a few months back. Largely, credit must be given to Brian Krebs, a previously little-known expert who broke the story and followed up, leading with much of the coverage of Target's inept handling of the affair.

On the one hand, I sympathize with Mr. Steinhafel. After all, what core business function is information security? A wise saying holds that a CEO must be an expert in one business field, a near-expert in a second, and conversant with the rest. Given Target's results and successful growth, not to mention fierce customer loyalty - talk with an American expat, and somewhere down the line you will hear, "but I sure miss Target" - he must have done most things right. Further, Target's growth happened during one of the strongest downturns of decades.

At the same time, it is the CEO's job to keep abreast of changes, not only in his/her industry, not only in the broader economy, but in the functioning and structures of businesses.

Wal-Mart, a major competitor to Target, leveraged IT extensively to gain significant improvements in its supply chain and inventory management, which allowed it to maintain gross margins at lower prices. Yet clearly Target never really understood the sensitivity of the data it had. The correct resources were never put in place, and when they were, the results were dismissed.

At heart, it speaks to a culture of data specifically and IT in general as second-tier. When that happens, this sort of pain is almost inevitable. It might be a data loss, a data breach (as happened), or just inefficient management degrading margins.

Either way, Steinhafel, a Target lifer, ignored IT's risks, never learned the value, and now he is paying the price.