14 Security Fails That Cost Executives Their Jobs - InformationWeek

7/14/2015
07:06 AM
Thomas Claburn

Katherine Archuleta, the director of the Office of Personnel Management, is the latest casualty of a data breach, but she's certainly not the only one. There's no job security when your job is security.

Katherine Archuleta, former director of the Office of Personnel Management, speaking at a United States Department of Agriculture event in 2014.
(Image: USDA photo by Todd Witham via Flickr under CC02 license)

You had one job: Secure the data. What happened?

Life as a CEO, CIO, or CTO is a bit more complex than that. Not every executive is directly responsible for IT security. Few have a deep understanding of it.

But in our networked world, IT security is the foundation of a successful business, and blame is shared when the floor collapses. Organizational leaders may prefer to focus on the big picture, but inattention to security has proven to be a poor career move.

Katherine Archuleta, the director of the US Office of Personnel Management, is the latest casualty of a data breach. She resigned on Friday following revelations that hackers had made off with the data of 21.5 million people who applied for government background checks. Her agency previously disclosed that the personal information of more than 4.2 million federal workers had been compromised.

In a May 2015 study, based on information from 350 companies, IBM and the Ponemon Institute found that the average total cost of a data breach increased to $3.79 million from $3.52 million last year. The average cost paid for each lost or stolen record with sensitive data rose as well, to $154, from $145 last year. That's a global average. In the US, the cost per capita reached $217.

By that measure, the theft of 25.7 million OPM records could cost almost $5.6 billion. If only those funds could be added to the $14 billion proposed for cybersecurity in FY2016. After all, the OPM breach could have serious, long-term implications for national security.

Monetary costs tell us nothing about the angst and inconvenience visited upon the victims of a breach, or the personal and professional toll paid by whoever accepts responsibility.

It's infuriating for data theft victims to be forced to worry about fraud and identity theft due to someone else's errors, ignorance, or incompetence. At the same time, it's difficult not to be a bit sympathetic to those called upon to maintain security using systems and people who are unavoidably flawed. Those who do the job well succeed, in part, because there's someone else out there doing the job less well, someone running an organization that's an easier target.

When you look at the list of companies that have been hacked in some way, it becomes apparent that even the most technically sophisticated organizations can be breached given a sufficiently well-funded, determined attacker. Speaking on 60 Minutes in 2014, FBI Director James Comey put it this way: "There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese, and those who don't know they've been hacked by the Chinese."

And Chinese hackers are not the only hackers in the world.

Given the vulnerability of IT systems, the first act of an incoming CEO, CIO, or CTO should be to write a resignation letter, apologizing for the "unforeseen" data breach that everyone feared was coming. Ideally, the letter's presence will serve as a reminder to prioritize security concerns.

With luck and diligence, the letter will never need to be tendered. But many executives have not been so fortunate or attentive. Here are a few who have stepped aside or been forced out following a breach. Maybe there's a lesson here, or maybe we're all just waiting for the other shoe to drop.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...
