Data breaches have consequences

August 11, 2014 |

The consequences of the data breach at Target continue.  The Huffington Post reports in Data Breaches May Result in Board Breakups that seven of Target’s board may be departing because of the failure to maintain proper data security.

The article provides:

The ripple effect continues to haunt Target: It’s expected that seven of its board of directors members may be replaced because they failed to provide effective oversight into the corporation’s data-protection risks. Boards simply need to be more proactive in safeguarding their companies against data breaches.

Institutional Shareholder Services (ISS) prepared a report on the Target data breach and aftermath. The report states that Target’s board members should have been kept in the loop pertaining to protection of sensitive information and what a breach could mean to brand reputation and customer loyalty.

“The company acknowledged the need for more stringent internal capabilities to identify potential risks with less reliance on external reports which suggested the systems were robust enough,” the report says.

The report concludes that Target failed to prepare for keeping up with today’s cyber threat technology, and that this failure comes from the audit and the corporate responsibility committees.

ISS says that these committees are responsible for being in charge of risk assessment and management. This includes the risk of fraud. The inadequate oversight in these areas paved the way to the disastrous data breach.

The ISS report should be a wakeup call to board members of all businesses. Board members need to realize the importance of directing more time, energy and money toward improving security programs.

Though the dismissal of seven of Target’s total of 10 board members may seem radical, it also has a fair degree of rationale because it sends the message that boards and senior executives need to be held accountable for their company’s cyber security.

Boards need to be practically fused with their organization’s IT experts and executive team so that they have an intimate knowledge of the steps a company is taking to protect customer information—even if none of the board members are security experts. The ramifications from poor handling of a data security incident are now things that even board members must be aware of and work to prevent.

One Response to “Data breaches have consequences”

  1. Data breaches have consequences | Australian Law Blogs

    […] Data breaches have consequences […]

Leave a Reply

Verified by MonsterInsights