Digital Security // By Todd Sexton

CEO responsibilities for data breach

Published 13 February 2015

The job of a chief executive officer (CEO) is becoming more difficult every year. Today, in addition to being strategic visionaries and leaders, most CEOs must deal with complex legal issues surrounding their organizations. More often they are being held personally responsible for mistakes made by their organizations. Security breaches are one of the fastest growing legal issues facing many C-level executives.

Since there is no definitive way to prevent a security breach, each CEO must develop a plan of action to combat this issue in order to meet industry regulations. Preparation can not only prevent costly legal and financial issues, but also ensure the longevity of the CEO's position. The immediate consequences of a security breach vary, but the long-lasting effects are undeniable. A tarnished reputation often accompanies security breaches, which can lead to customer loss and a decline in stock price. According to industry research, 51 percent of customers will take their business elsewhere once their information has been breached.

In addition, the number of lawsuits stemming from a single breach can be staggering. The Wall Street Journal reports that Home Depot faces at least forty-four civil suits resulting from the security breach which occurred in 2014.

Battling declining sales and fighting civil lawsuits are only part of the problem. C-level executives also have to face penalties and fines imposed by federal and state authorities for failure to protect sensitive customer data.

Despite high legal and financial stakes, as many as 61 percent of CEOs report they are not well-prepared to deal with the consequences of security breaches. Many of them are not aware of the breaches their organization has previously suffered.

When caught unprepared, C-level executives often have trouble holding on to their positions. Some of the more famous examples include Target’s CEO Gregg Steinhafel and CIO Beth Jacob, who were forced to resign by shareholders for not taking adequate steps to protect customers’ data. The CEO of HBGary, a high-tech security company, also had to resign after the hacker group Anonymous leaked e-mails stolen from the firm. Other examples include the financial companies KB Financial Group, NongHyup Card, and Lotte Card, whose top executives had to step down to take responsibility for security breaches, which affected about fifteen million people in South Korea.

As governmental security regulations become increasingly stringent, and consumers grow less tolerant of their data being exposed, senior executives must make data security a priority. They need to spend more time understanding security protocols, devise data breach response plans, and implement preventive measures to protect sensitive data. Policies must continually evolve, as governing regulations are expected to change rapidly to keep pace with emerging changes in cyber-criminal strategies.

All C-level executives need to be prepared to handle a potential security crisis with the help of IT, legal, and PR (public relations) teams. Taking rapid countermeasures and openly communicating about breaches are key factors in effectively managing expectations of a company’s shareholders and customers.

— Read more in:

  • Michael Calia, “Home Depot Facing at Least 44 Civil Suits in Data Breach,” Wall Street Journal, 25 November 2014
  • Paul Roberts, “HBGary Federal CEO Aaron Barr Steps Down,” Threatpost, 12 February 2015
  • Kanga Kong, “Executives Offer to Quit Over Credit-Card Leaks in South Korea,” Wall Street Journal, 12 January 2014
  • Helen Gregg, “Who’s Ultimately Responsible for Data Breaches? It Might be You,” Becker’s Hospital Review, 29 May 2014
  • “Consumers Hold Companies and CSOs Liable for Data Loss,” Security Magazine, 1 November 2014

Todd Sexton is the CEO of Identillect Technologies Inc.