Target CIO resigns, chain to look outside for IT leadership
Beth Jacob, chief information officer at Target, has resigned from her position, the first major executive change following a massive data breach last year that resulted in 40 million consumer accounts being stolen along with the names and addresses of 70 million customers.
Target CEO Gregg Steinhafel said the company would immediately begin an external search for an interim CIO to help guide the retailer through an overhaul of its "information security and compliance structure and practices."
"To ensure that Target is well positioned following the data breach, we are undertaking an overhaul of our information security and compliance structure and practices. As a first step, Target will be conducting an external search for an interim CIO who can help guide [the company] through this transformation."
Target is also creating a new position, chief information security officer, which the company intends to fill from the outside, as well.
"We are also working with an external adviser, Promontory Financial Group, to help us evaluate our technology, structure, processes and talent as part of this transformation," Mr. Steinhafel said.
"I believe this is definitely a measure in restoring faith and really showing that they are taking the breach seriously," Heather Bearfield, national technology assurance services practice group leader for Marcum LLP, told Reuters.
Discussion Questions
What challenges will outside IT executives face coming into Target as the chain looks to overhaul its information security practices? Does the creation of a chief information security officer position make sense for other retailers in addition to Target?
My family was one of the millions whose credit card was compromised and had to be replaced. The fact that Target had so little in place is astonishing so the big challenge will be starting from scratch. The criminals seem to be getting too far ahead.
I believe what is needed is a national retail task force with some of the best and brightest minds in internet security to come together to implement strategies that make it much tougher for criminals to penetrate. Expecting that this will not happen again is wishful thinking and not very practical. Expecting one retailer to have the answer is also wishful thinking. We need the A-team on this one.
Ms. Jacob should not be the only head that rolls at Target after the huge security breech. The company totally botched the situation, costing banks and credit card issuers millions of dollars in fraudulent charges and reissued cards and consumers millions of hours straightening out their credit card accounts. When all is said and done, Target will be in court for years and will spend hundreds of millions of dollars.
Whoever assumes executive IT positions at Target will be under a microscope to make changes that protect the company and consumers. The creation of a chief information security officer may look good in the press, but that alone won’t solve the problem. Retailers need to engage the services of outside firms that specialize in payment and IT security and take digital security far more seriously going forward.
Titles mean nothing, action means everything. Poor Target, they have all this distress because they came forward with the data breach. How many other retailers have been hacked and either don’t know it or never said a word? Let’s skip the new titles and and job descriptions and work on replacing our credit card systems.
Let’s look at the human side. I would imagine that the stress and the anxiety levels experienced by Target executives were off the charts during this crisis. Can you imagine how the demands of this crisis probably affected their lives and even their families while this was going on? Think about it. A very successful retail chain was brought to a screeching halt over a massive customer issue that no one really knew how to resolve.
And now any new executive needs to figure out how to win back the confidence of the consumer while also solving a very high tech problem so that this never happens again. In my opinion, consumers will be unforgiving if it happens again.
The new CIO will be joining a team that is seeking clear direction when it comes to data security. They can’t afford a second mistake. The new CIO will most likely come from outside retail. A private sector security organization or high tech company would be a good place to look.
What has become more clear of the last 10 years is the important role the CIO plays within an organization. The CIO now needs to work closely with the CMO and other key executives to ensure IT and the rest of the organizations initiatives are aligned. Technology truly touches every aspect of the company and how they operate.
Security’s role is interesting. In my opinion, it would make a a lot of sense for major retailers to work together on this. A data breach like the one at Target is bad news for all retailers.
Let’s be clear, while Beth had the CIO role, this is a failure of the entire organization and the fallout should extend up to the other executives. The biggest challenge for an outside executive will be to blend in with Target’s culture as security now has everyone in the organization’s attention.
Having a security/privacy focused role makes sense for every retailer in the electronic age we now live in. If retailers don’t have this role already, it’s another sign of how far they have to go to reel in Amazon and other eTailers.
This can’t be a surprise to anyone. Someone had to take the bullet. Having it be the CIO was an event waiting to happen. Next question: who is next? There has to be more than one head rolling out of this monumental gaffe.
“Overhaul” doesn’t seem like the right word – one “overhauls” something that’s basically sound – and Target’s use of the term concerns me that maybe they still don’t get it: this was a catastrophic failure at every level.(Of course coming right out and saying “our systems $%^#” or “we’ve decided to actually have security now” probably wouldn’t be too good either.)
Whoever is picked will have a difficult task beyond the purely technical details, and I wish him or her good luck.
The current CEO placed his company’s public trust in a CIO that allowed the IT system security and data protection to completely fail. As of this date there are no certified assurances with proof documentation of recent security tests demonstrating that the fault has been detected and corrected. That said, the company’s board of directors needs to aim a little higher on the organization chart to make changes that will start the process to provide the public with a safe place to shop with anything other than cash and carry transactions. The company’s security breaches are nothing less than a total failure and the public’s caution is not only justified, it is totally necessary.
As long as the same executives are selecting a new CIO, there will most likely be a replacement of similar capabilities. This is a very serious problem and thinking that the recently departed CIO is solely responsible is a huge mistake for both the company and the public.
Target is clearly out of sync with its contractors and IT suppliers. This is their greatest issue and should be the first place they correct.