It’s fairly easy to list the problems that await the next chief executive of Target: a multi-year sales decline, a weakening of its “cheap chic” brand, a troubled expansion into Canada, the lingering resentment in a key demographic group over campaign contributions.
And, of course, the fallout from last year’s giant data breech.
All those things were factors in the departure Monday of CEO and chairman Gregg Steinhafel, but the biggest public attention has gone to the 2013 data breech, which compromised the payment card data of 40 million customers and exposed the personal information of 70 million.
If there is any good to come from that mess, it is the possibility that Steinhafel’s departure will serve as an object lesson for other chief executives: Cybersecurity matters.
Retailers and financial institutions have long regarded credit card fraud and identity theft as merely part of the cost of doing business. Indeed, Target believes most of its direct expenses from the breech will be covered by insurance.
But such breech is considerably more troublesome to the people whose information has been stolen and misused.
The Target breech was massive enough to catch the public’s attention, and big enough to seriously dent consumer confidence in the Minneapolis-based retailer.
Yet five months after the breech became known, Target still has no chief information security officer. There’s nobody in charge there of keeping the thieves out of the computer systems. This is not unique to Target; it is, according to Brian Krebs, the security blogger who exposed the breech, typical of American retailers, even those who’ve been victimized by similar breeches.
The moral of the story is — or should be — that there’s more to electronic payment systems than speed and convenience, more than the data mining that increasingly focuses marketing efforts. Yes, customers want to pay with plastic; but they also want that information secured.
Fail at that, and the customers will lose faith.