At the end of May, Fox Business News reported that Institutional Shareholder Services (ISS), a proxy adviser, suggested that seven of 10 directors at retail giant Target be removed from office because the board of directors did not do enough to prevent a massive data breach. In December 2013, a cyber-attack on Target Corporation resulted in unauthorized access to the payment card data of approximately 40 million Target customers and the personal data of up to 70 million Target customers.
ISS is urging shareholders to overhaul Target’s (TGT) board in the wake of last year’s wide-scale data breach. As a result of the breach, estimates of fraudulent charges ranged from $240 million to $2.2 billion, according to a report from the Congressional Research Service. In addition, there has been speculation that the Target breach might have been preventable.
According to the ISS report, “The company acknowledged the need for more stringent internal capabilities to identify potential risks with less reliance on external reports which suggested the systems were robust enough.”
“It appears that failure of the committees to ensure appropriate management of these risks set the stage for the data breach, which has resulted in significant losses to the company and its shareholders,” ISS wrote in a statement quoted by The Wall Street Journal. The ISS report also noted: “The Data Breach revealed that the company was inadequately prepared for the significant risks of doing business in today’s electronic commerce environment.”
We encourage Board members and Executive Teams to take careful note of this fallout at Target. Information risk management is a Board and C-Suite responsibility. In a previous CEO-CEO post, “Top 5 Questions CEOs Should Ask Themselves & Board About Risk Management,” we posed some basic starter questions that will work for organizations of all sizes. We hope you benefit from these resources and others indicated below.
In an upcoming white paper, we will introduce the Clearwater Information Risk Management Capability Advancement Model™ and self-assessment tool for immediate adoption to assist organizations in building an efficient and effective risk management program best suited to their unique needs. Register now to receive your copy!
Privacy, Security and Compliance Risk Management Resources Available to You
Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.
Please avail yourself of any of these free resources which you may access now by clicking on the links below:
- Risk Analysis Buyer’s Guide
- Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater Recorded Webinar event entitled How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater HIPAA Security Risk Analysis™ software DataSheet
- Clearwater HIPAA Security Risk Analysis™ software Free Trial for qualified organizations
- AboutHIPAA.com Risk Analysis Resources
Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.