Today Target Stores announced that Beth Jacob, their CIO since 2008, has resigned. Estimates vary, but the confidential data of at least 70 million of Target’s customers were compromised. Target’s profits and sales have declined as a result, and it faces over $100 million in legal settlements. Not surprisingly, CEO Gregg Steinhafel announced that Target will hire an interim CIO charged with dramatically upgrading its information security and compliance infrastructure.
Whether it’s security breaches at Target, humiliating performance at Healthcare.gov, outages in airline ticketing systems, or 30 minutes of disastrous trading at Knight Capital, the costs of poor structural quality can be staggering. In fact, they are now so high that CEOs are being held accountable for IT’s misses and messes. Consequently, Ms. Jacob will not be the last CIO to lose a job over an application quality problem.
Don’t be surprised if the next CIO survey from one of the IT industry analysts reports that a CIO’s top concern is some combination of application security, resilience, and risk reduction. These issues just moved from variable to fixed income. That is, rather than having improvements in security and dependability affect a CIO’s bonus, they will instead affect a CIO’s salary continuation plan.
Regardless of what the org chart says, the CIO is now the head of security. The threats online overwhelm those onsite. The CIO’s new top priority is to guard the premises of the firm’s electronic business. Failing to accomplish this is failing, period. CIOs and VPs of Application Development, Maintenance, and Quality Assurance must walk onto the job knowing these techniques. On-the-job learning is too expensive to be tolerated for long.
By its nature, size, and complexity, software is impossible to completely protect from disruptions and breaches. However, if you want to keep your job, it shouldn’t be the CEO calling for an overhaul of information security and compliance with industry standards.