C-Suite Held Accountable for Cybersecurity
No longer can cybersecurity be relegated to the IT department. The developing trend is for the C-Suite to be held directly accountable for cyber breaches.
According to Business Insider: Yahoo’s massive data breach caused CEO, Marissa Mayer to forfeit her annual bonus of around $2 million USD and miss out on stock awards worth millions more. Ronald Bell, the company’s general counsel was also hit hard, and forced to resign without getting his severance pay.
When a company experiences a significant security incident, it’s not just the company that suffers tangible losses. The management team will often pay a steep price as well. We are seeing more and more cases where senior managers are held directly accountable for cybersecurity.
Yahoo’s CEO got off easy with just the loss of her bonus. Other CEOs and senior managers haven’t been as lucky—with many of them suffering public humiliation and termination.
Here are a few examples of management fallout that occurred at other companies who experienced a serious cybersecurity incident:
- Target: Following Target’s 2013 colossal data breach that affected 40 million customers, CIO Beth Jacob resigned under pressure. Shortly thereafter, the board decided it was time for new leadership and CEO Gregg Steinhafel was replaced.
- Home Depot: CEO, Frank Blake announced his retirement just before the September 2014 breach was disclosed. In February 2015, Blake also stepped down as chairman of Home Depot.
- Sony: In an article from NBC News, Amy Pascal, former CEO of Sony, stated that she was fired as a direct result of the December 2014 breach.
- Utah Department of Health: After hackers accessed thousands of Medicaid records from government servers, the governor of Utah, Gary Herbert, fired Stephen Fletcher, head of the state’s Department of Technology Services.
- TalkTalk: CEO, Dido Harding will leave the company in May. TalkTalk recently disclosed that their October 2015 cybersecurity incident cost them over 100,000 customers and financial losses of over $83 million dollars.
- Avid Life Media (ALM): CEO, Noel Biderman resigned under pressure after Ashley Madison (which is owned by ALM,) was breached.
- FACC: Austrian aircraft parts maker fired its chief executive of 17 years after cybercriminals stole some 50 million euros ($55.7 million) from the company’s account.
- US Office of Personnel Management (OPM): After 21.5 million federal records were stolen from OPM, Director, Katherine Archuleta initially fought calls for her resignation. But after it was revealed that the breach was worse than initially thought, Archuleta tendered her resignation.
The size and scale of numerous data breaches have captured the attention of not only customers, but the boardroom too. No longer can cybersecurity be relegated to the IT department. The developing trend is for the CEO and others in high-level positions to be held directly accountable for cyber breaches.
No industry, organization, company-size, technical platform, or geographic area is immune to the dangers of a major data breach. In today’s world—the C-Suite can be held directly responsible for cyber breaches.