CIOs: Are CFOs Lax with Security?


By Stephen Marchewitz

Original Title: 

CFO’s Don’t Want to Get it When it Comes to Risk and Security…Until it’s Too Late.

Target’s CFO should be embarrassed. Target is investing $100 million to upgrade to a more advanced credit card system following the massive hack of customer data, its chief financial officer told U.S. Senators Tuesday. Testifying before the Senate Judiciary Committee, Target CFO John Mulligan gave a more detailed account of the holiday season hack that has exposed personal or financial data of nearly a third of U.S. adults.

$100 million to upgrade credit card systems?

We already noted that Chip and Pin isn’t the answer. Fraud losses on UK cards with this technology totaled £610m (a little more than $1 billion U.S. dollars) in 2008, a peak year for fraud. Obviously, this is a knee-jerk reaction to what they’ve gone through. Will it help? Of course. Did he need to spend that? Not even close. But hey, it’s only the shareholders money, not his. At least he can now say he’s doing something.

Is he going to lose his job for costing the company over a couple billion dollars in losses?

According to Ponemon estimates (PDF), the breach will cost Target over $2 Billion dollars. That’s Billion with a capital B! CFO to get fired? Naw, his bonus will probably go up. And what a tough position. He probably couldn’t spell security before the incident, but had to testify before congress about what they’re going to do…talk about your crash courses. He makes a bold statement when he says, “We will learn from this incident.” Ya think? Companies on average, still not doing the right things—unless they’re forced to California Senator Dianne Feinstein stated that public notification of major data breaches is currently "vague (and) nonspecific," and firms can often get away without making disclosures. We see this all of the time.

These executives at Target got caught with their pants down, and with the size of the breach so large, they had no way of pulling them up. They had to stand there and take it in the shorts. Others typically don’t have such a large breach of information, and thus don’t disclose that their customers’ (or as Target calls them “guests”) information was stolen. Dishonest? Yes. Lucky, absolutely. If the buck stops with the CFO, they're in a sorry state accountability.


Published by





Enjoyed the article?

Sign-up for our free newsletter to kick off your day with the latest technology insights, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.

E-mail address

James Finnan has been covering financial markets for 10 years. He has served as Editor in Chief of since 2010. Additionally he has been a contributing writer to the My Media network of sites including,, and


White Papers