(Washington, DC) Given the high-profile ouster of Target's CEO in the wake of the retailer's massive data breach, cybersecurity has been--and should be--elevated to executive suites across corporate America, a string of top security experts said yesterday. Speaking at a day-long cybersecurity conference hosted by Bloomberg Government here, current and former top government and industry cyber specialists issued a wake-up call to business and critical infrastructure leaders that cybersecurity can no longer be relegated to the purely technical realm.
"Cybersecurity is foundational," Admiral Mike Rogers, Commander of U.S. Cyber Command and Director of the National Security Agency said. "You must own this problem. This is just not your IT and computer people. You have to own this problem as a leader."
"This is becoming a CEO issue," Lou Von Thaer, President of the National Security Sector of Leidos, said. "We are being asked by directors all the time to be briefed," Steven Chabinsky, General Counsel and Chief Risk Officer of CrowdStrike said. "I hear all the time from the board members…they actually think the IT people are purposively speaking in gibberish so they cannot be subjected to oversight."
Although litigation and liabilities are the primary outcome of Target-like breaches, the challenge of handling a huge, complex crisis might be the bigger reason that executives are suddenly paying attention. "In some respects the greatest liability risk is not a legal one but a crisis management one," Donald Fagan of Covington and Burling said. "It is the Target issue…that has caught the attention of many businesses out there. They’ve caught religion"
Target may be the poster child for the massive damage that can ensue from a cybersecurity breach, but the company did most things right when it came to cybersecurity. Target would have received a high grade in terms of how well it followed the cybersecurity framework issued by the National Institute of Standards and Technology earlier this year, Stewart Baker of Steptoe & Johnson said. "They just didn't respond to the overwhelming number of alerts they got."
"People have to understand how good a company Target is when it comes to cybersecurity," Michael Leiter, Senior Counselor to the CEO of Palantir Technologies said. "That means there really is no company that doesn't face this as a business risk."