Will CIOs be the final victim after a breach?
In the wake of their breach, Target announced on March 5, 2014 that their CIO, Beth Jacob was announcing her resignation. In December of 2013, Target announced to the public that it had been the victim of a cyber crime resulting in the loss of 40 Million credit cards and possibly as many as 70 million personal records of its customers. When something of this magnitude is announced to the public, there needs to be someone to blame and the Chief information Officer is the perfect scapegoat.
In many corporate cultures, the role of the CIO was often overshadowed by the Chief Technology Officer. In fact, many boards viewed the CIO as a subordinate of the CTO and the corporate structure was organized in that manner. Recently, with the need to focus on Big Data, compliance initiatives (such as PCI, HIPPA, or SOX), and data security, the CIO has been elevated in status. This heightened status comes with the additional burden of being responsible for the systems when things go wrong. In the case of Target, Ms. Jacob, resigned while Target is working to restructure its payment environment so that a similar breach cannot happen in the future. An interim CIO will be put into place to oversee the overhaul, and the long-term plan for the company has not yet been announced.
In the modern corporate landscape, the CIO is often held responsible for the electronic security of their company. When a hacker succeeds, the CIO may be held as failing in their duties and letting down the company. Data security is a complicated matter, and it is important to always keep in mind that to protect data you must always be perfect. For a hacker to steal data, he only has to succeed once.