Your CISO will soon need more clout
As if consumers weren’t skittish enough, Home Depot recently joined the rapidly lengthening list of big-box retailers that have experienced data breaches, some of them prolonged: Albertsons, Dairy Queen, The UPS Store, Sally Beauty, Target, Michaels, Neiman Marcus, P.F. Chang’s and SuperValu.
More than a few Chief Information Security Officers (CISOs) must be nervous. In fact, the breaches may be forcing corporations that do not have a CISO to rethink that strategy. Often the CISO position is folded in with, or serves under, the Chief Information Officer (CIO). If the CIO in turn reports to the Chief Financial Officer (CFO), as is the case in some organizations, the CISO sits two layers under the seat of power. So, the person charged with security risk management may not have the authority to get things done.
With the recent spate of high-profile data breaches, relaying the message up the chain may not cut it anymore, and neither may the perception that the CISO’s job is not important enough to be a direct report. Shareholders and customers want answers.
Consumers are also flocking to convenient online sites, where they have little choice but to use a credit or debit card.
Data breaches, whether prolonged or short-lived, especially those that compromise customer information, are black eyes that eventually will force consumers to keep their credit and debit cards at home. Having the man or woman in charge of mitigating IT risk fairly far down the food chain doesn’t look good, no matter whose ear he or she may have.