C-Suite Held Accountable for Cybersecurity

C-Suite Held Accountable for Cybersecurity

C-Suite Accountable for Cybersecurity

No longer can cybersecurity be relegated to the IT department. The developing trend is for the C-Suite to be held directly accountable for cyber breaches.

According to Business Insider:  Yahoo’s massive data breach caused CEO, Marissa Mayer to forfeit her annual bonus of around $2 million USD and miss out on stock awards worth millions more. Ronald Bell, the company’s general counsel was also hit hard, and forced to resign without getting his severance pay.

Cybersecurity Accountability

When a company experiences a significant security incident, it’s not just the company that suffers tangible losses. The management team will often pay a steep price as well. We are seeing more and more cases where senior managers are held directly accountable for cybersecurity.

Yahoo’s CEO got off easy with just the loss of her bonus. Other CEOs and senior managers haven’t been as lucky—with many of them suffering public humiliation and termination.

Management Fallout

Here are a few examples of management fallout that occurred at other companies who experienced a serious cybersecurity incident:

  • Target: Following Target’s 2013 colossal data breach that affected 40 million customers, CIO Beth Jacob resigned under pressure. Shortly thereafter, the board decided it was time for new leadership and CEO Gregg Steinhafel was replaced.
  • Home Depot: CEO, Frank Blake announced his retirement just before the September 2014 breach was disclosed. In February 2015, Blake also stepped down as chairman of Home Depot.
  • Sony: In an article from NBC News, Amy Pascal, former CEO of Sony, stated that she was fired as a direct result of the December 2014 breach.
  • Utah Department of Health: After hackers accessed thousands of Medicaid records from government servers, the governor of Utah, Gary Herbert, fired Stephen Fletcher, head of the state’s Department of Technology Services.
  • TalkTalk: CEO, Dido Harding will leave the company in May. TalkTalk recently disclosed that their October 2015 cybersecurity incident cost them over 100,000 customers and financial losses of over $83 million dollars.
  • Avid Life Media (ALM): CEO, Noel Biderman resigned under pressure after Ashley Madison (which is owned by ALM,) was breached.
  • FACC: Austrian aircraft parts maker fired its chief executive of 17 years after cybercriminals stole some 50 million euros ($55.7 million) from the company’s account.
  • US Office of Personnel Management (OPM): After 21.5 million federal records were stolen from OPM, Director, Katherine Archuleta initially fought calls for her resignation. But after it was revealed that the breach was worse than initially thought, Archuleta tendered her resignation.

The size and scale of numerous data breaches have captured the attention of not only customers, but the boardroom too. No longer can cybersecurity be relegated to the IT department. The developing trend is for the CEO and others in high-level positions to be held directly accountable for cyber breaches.

No industry, organization, company-size, technical platform, or geographic area is immune to the dangers of a major data breach. In today’s world—the C-Suite can be held directly responsible for cyber breaches.

Brian Laing

Brian Laing

For more than 20 years, Brian Laing has shared his strategic business vision and technical leadership with a range of start-ups and established companies in various executive level roles. The author of “APT for Dummies,” he was previously vice president of AhnLab, where he directed the US operations of the internationally known security and software leader. Brian previously founded Hive Media where he served as CEO. He co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, who released the industry’s first commercial IPS/FW testing tool.
Brian Laing