Posted by Stephanie Balaouras on May 5, 2014
On May 5, 2014, Target announced the resignation of its CEO, Gregg Steinhafel, in large part because of the massive and embarrassing customer data breach that occurred just before the 2013 U.S. holiday season kicked into high gear. After a security breach or incident, the CISO (or whoever is in charge of security) or the CIO, or both, are usually axed. Someone’s head has to roll. But the resignation of the CEO is unusual, and I believe this marks an important turning point in the visibility, prioritization, importance, and funding of information security. It’s an indication of just how much:
During my five years as a research director, I have found that our annual surveys and ongoing research interviews always echo a common chorus from security leaders -- namely, the inability to mature the security posture of the firm due to a lack of executive support and funding for security efforts. As a result of the Target breach: 1) the credit card brands will push for more extensive use of tokenization in payment processing; 2) all CIOs and CISOs will realize that they need to invest in the processes and analyst skill that underpin the SOC as they do in technology; 3) consumer-oriented firms will reassess the maturity and readiness of their incident management and forensics abilities; and 4) Target itself will become one of the first U.S. retailers to adopt chip-and-PIN. But in my opinion, the most important outcome will be the recognition that security, when done well, is not a barrier to business but an accelerator and a differentiator, and everyone in the organization, not just the CISO, but the board, the C-level and every line of business owner has a stake in security.