The job of a CEO is becoming more difficult every year. Today, in addition to being strategic visionaries and leaders, most CEOs have to deal with complex legal issues surrounding their organizations. Increasingly, they are being held personally responsible for their organization's mistakes. Security breaches are one of the fastest-growing legal issues facing many C-level executives.
Since there is no definitive way to prevent a security breach, every CEO has to develop a plan of action to respond if one occurs. Preparation can not only prevent costly legal and financial issues but also ensure the longevity of their position. The immediate consequences of a security breach vary; however, the long-lasting effects are undeniable. A tarnished reputation often accompanies security breaches, which can lead to customer loss and a decline in stock price. According to industry research, 51% of customers will take their business elsewhere once their information has been breached.
In addition, the number of lawsuits that stem from a single breach can be staggering. The Wall Street Journal reports that Home Depot faces at least 44 civil suits resulting from the security breach that occurred in 2014.
Battling declining sales and fighting civil lawsuits is only part of the problem. C-level executives also have to face penalties and fines imposed by federal and state authorities for failure to protect sensitive customer data.
Despite the high legal and financial stakes, as many as 61% of CEOs report they are not well prepared to deal with the consequences of security breaches. Many of them are not aware of whether their organizations had suffered a breach in previous years.
When caught unprepared, CEOs often have trouble holding on to their jobs. Some of the more famous examples include Target's CEO Gregg Steinhafel and CIO Beth Jacob, who were forced to resign by shareholders for not taking adequate steps to protect customers' data. The CEO of HBGary, a high-tech security company, also had to resign after Anonymous leaked emails stolen from the firm. Another example is the executives of KB Financial Group, NongHyup Card, and Lotte Card, who had to step down to take responsibility for the security breach, which affected about 15 million people in Korea.
As government security regulations become more stringent and consumers grow less tolerant of their data being exposed, senior executives must make data security a priority. They should spend more time understanding security protocols, devise data breach response plans, and implement preventive measures to protect sensitive data. These policies must continually evolve, as governing regulations are expected to change rapidly to keep pace with emerging changes in cyber-criminal strategies.
All C-level executives need to be prepared to handle a potential security crisis with the help of IT, legal, and PR teams. Taking rapid countermeasures and communicating openly about breaches are key to effectively managing the expectations of their shareholders and customers.
Home Depot: Calia, Michael. (2014). Home Depot Facing at Least 44 Civil Suits in Data Breach. The Wall Street Journal, Business. Retrieved from http://www.wsj.com/articles/home-depot-facing-at-least-44-civil-suits-in-databreach-1416917359
HBGary: Roberts, Paul. (2011). HBGary Federal CEO Aaron Barr Steps Down. Threatpost, Data Breaches. Retrieved from http://threatpost.com/hbgary-federal-ceo-aaron-barr-steps-down-022811/74971
Korea: Kong, Kanga. (2014). Executives Offer to Quit Over Credit-Card Leaks in South Korea. The Wall Street Journal, Markets. Retrieved from http://www.wsj.com/articles/SB10001424052702304027204579332142573326518
Who's responsible for data breaches: Gregg, Helen. (2014). Who's Ultimately Responsible for Data Breaches? It Might be You. Becker's Hospital Review. Retrieved from http://www.beckershospitalreview.com/healthcare-blog/who-sultimately-responsible-for-data-breaches-it-might-be-you.html
Security Magazine (2014). Consumers Hold Companies and CSOs Liable for Data Loss. Retrieved from http://www.securitymagazine.com/articles/85875-consumers-hold-companies-and-csos-liable-for-dataloss