This entry is part 4 of 9 in the series CEO-to-CEO

At the end of May, Fox Business News reported that Institutional Shareholder Services (ISS), a proxy adviser, suggested that seven of 10 directors at retail giant Target be removed from office because the board of directors did not do enough to prevent a massive data breach. In December 2013, a cyber-attack on Target Corporation resulted in unauthorized access to the payment card data of approximately 40 million Target customers and the personal data of up to 70 million Target customers.

ISS is urging shareholders to overhaul Target’s (TGT) board in the wake of last year’s wide-scale data breach. As a result of the breach, estimates of fraudulent charges were as high as $240 million to $2.2 billion, according to a report from the Congressional Research Service. In addition, there has been speculation that the Target breach might have been preventable.

According to the ISS report, “The company acknowledged the need for more stringent internal capabilities to identify potential risks with less reliance on external reports which suggested the systems were robust enough.”

“It appears that failure of the committees to ensure appropriate management of these risks set the stage for the data breach, which has resulted in significant losses to the company and its shareholders,” ISS wrote in a statement quoted by The Wall Street Journal. The ISS report also noted: “The Data Breach revealed that the company was inadequately prepared for the significant risks of doing business in today’s electronic commerce environment.”

We encourage Board members and Executive Teams to take careful note of this fallout at Target. Information risk management is a Board and C-Suite responsibility. In a previous CEO-to-CEO post, Top 5 Questions CEOs Should Ask Themselves & Board About Risk Management, we posed some basic starter questions that will work for organizations of all sizes. We hope you benefit from these resources and others indicated below.

In an upcoming white paper, we will introduce the Clearwater Information Risk Management Capability Advancement Model™ and self-assessment tool for immediate adoption to assist organizations in building an efficient and effective risk management program best suited to their unique needs.  Register now to receive your copy!


Privacy, Security and Compliance Risk Management Resources Available to You

Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.

Please avail yourself of any of these free resources which you may access now by clicking on the links below:

Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.