The CFO's role in the data breach war
Finance, working with IT, increasingly must manage the serious risks, from planning to handling fallout.
CFOworld - The disturbing rash of data breaches in recent years has demonstrated that data security -- always a huge concern of CFOs -- affects every company and its customers. Entertainment sites, clothing retailers, grocers, financial services institutions are only the latest and most obvious of organizations to have had IT systems compromised, or sensitive information stolen.
Traditionally, of course, data protection falls mainly in the IT department's domain. But while CIOs may manage the Wi-Fi networks and servers that criminals target, CFOs approve IT spending, and are often responsible for handling repercussions of a breach. That suggests that they should have a lot to say about data security planning, too, to go with their deep involvement in dealing with the fallout -- from notifying the parties affected by breaches, to reporting on the financial consequences.
Further, CFOs should serve as facilitators in helping "business managers treat security as an economic requirement," says Jay Heiser, a Gartner research vice president whose focus areas include IT risk assessment and management. And that's something that finance people may do better than techies, because they're not security wonks.
Data breaches "can absolutely impact your bottom line" says Mike Dandini, head of the management and professional liability underwriting unit at The Hartford, the insurance giant. Cyberinsurance, he adds, is the second most asked about management liability product these days.
"The real issue comes down to how much data to they store," he says. "Do they keep a lot of personal, identifiable information? But also, for any company, your trade secrets, your proprietary information, all of that could be at risk. So from a CFO's perspective, that could impact revenues, good will, reputation and client trust. That all comes down to cost, whether its lost revenues, or whether it's remediation."
Three That Hurt
And the consequences of breaches at Sony, TJX Cos. and the Hannaford supermarket chain, to name just three, have illustrated just how costly they can be.
- Sony, which suffered multiple data breaches across its online entertainment sites in April, initially estimated clean-up costs at least $171 million. It had to warn investors that the breach, which affected 101 million users and ranks as one of the largest to date, would have a sharp impact on its fiscal 2011 year. One major cost: the free year of identity-theft monitoring that the company is offering PlayStation Network and Qriocity users whose names, addresses, birth dates, purchase histories and online identifications were stolen.
- The repercussions of an 18-month hack that began in July 2005 cost TJX, parent company of clothing chains TJ Maxx and Marshalls, $256 million. The retailer saw $118 million erased from its 2007 second-quarter profits to deal with the attack, during which hackers made off with 45.6 million credit and debit card numbers.
- The Hannaford chain likely will see in its legal expenses soar after a recent federal appeals court decision related to a 2007 data breach. The ruling allows a class-action lawsuit against Hannaford to proceed. Victims are seeking compensation for the measures they took to protect themselves from identity theft and fraud after perpetrators pilfered 4.2 million credit and debit card numbers.
Crafty hackers hack craft stores -- again.
Michaels Stores (NYSE:MIK) has finally confirmed the details of the point-of-sale hack revealed in January. It's unclear what's taken them so long -- the company claims the hack was "highly sophisticated," but everyone uses a blah-blah phrase like that.
Your humble blogwatcher notes that the problem persisted for more than a month after the news first broke. smh.
In IT Blogwatch, bloggers are aghast that, for the second time, the company's POS was hacked -- lasting almost nine months.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- The Big Data Opportunity for HR and Finance
- If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Manufacturing Outlook: Improving time to market, operational effectiveness and innovation in a highly competitive environment
- An enterprise project portfolio management solution can help manufacturers position themselves in the new competitive landscape.
- Time-to-Market: The Need for Speed in the Automotive Industry
- Bringing new vehicles to market quickly has never been more challenging. To bring new models to market on-time and on budget, automakers need...
- Application Rationalization Scorecard: Analysis to Action
- This paper details a proven method, used most recently to evaluate a financial services application portfolio. At the method's core is the scorecard....
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
All Financial IT White Papers
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- All Financial IT Webcasts