Target Names New CEO Following BreachFaces the Challenge of Ensuring Data Security
Brian Cornell, a PepsiCo executive named as the new chairman and CEO of Target Corp., faces the challenge of ensuring that the protection of customer information is a top priority at the retailer following last year's massive data breach.
"It goes without saying that Cornell is going to have to focus on the ongoing protection of information," says Alan Brill, senior managing director of cybersecurity and investigations at the security advisory firm Kroll Solutions.
"I hope he helps to facilitate a way for the board to maintain an appropriate level of oversight to make sure that their information security system, as it continues to evolve, is actually working as intended. I think he fully understands that updating their standards, procedures, processes and controls is vital, but so is making certain that the controls work, and that there is a commitment to keep their information security risk assessment current and to modify the program to keep up with emerging risks."
From a security perspective, Cornell needs to give the company's CIO and CISO enough authority and backing to elevate security to a key competency for Target, says Gartner analyst Avivah Litan. "This will ensure the CIO and CISO get the cooperation and budget they need from the organization," she says.
While Cornell doesn't need to get involved in the day-to-day security agenda items for the company, he needs to ensure security is a top priority and focus on his corporate agenda, Litan says. "This should help ensure Target avoids future data breaches," she says. "From a security perspective, Target's reputation will come back on its own if the company maintains good security practices."
In addition, the new CEO needs to cooperate with peers in the retail industry "not just to issue EMV cards and eliminate mag-stripe, but to commit to modernization of the retail payment system," says security consultant William Hugh Murray.
Cornell also needs to take the lead in building a corporate culture that emphasizes protecting privacy, says Trevor Hughes, president and CEO of the International Association of Privacy Professionals. "The new CEO needs to ensure that Target has a broad and robust understanding of privacy risk and how to mitigate and manage that risk," he says. "That involves having some privacy professionals within the organization, which they do. They need to continue to empower those professionals and extend privacy training and expertise across the entire enterprise."
Experienced Corporate Leader
Cornell was announced as Target's new chairman and CEO on July 31. He'll join the big box retailer on August 12.
He most recently served as the CEO of PepsiCo American Foods, where he oversaw the company's global food business. He formerly served as president and CEO of Sam's Club, a division of Wal-Mart Stores Inc.; CEO at Michaels Stores Inc., which, like Target, has been a data breach victim; and executive vice president and chief marketing officer for Safeway, a grocery store chain.
Cornell replaces Gregg Steinhafel, who resigned as Target Corp.'s chairman, president and CEO in May following the breach that exposed 40 million credit and debit card accounts, along with personal information on 70 million customers (see: Breach Aftermath: Target CEO Steps Down). John Mulligan, Target's chief financial officer, is serving as interim president and CEO, and Roxanne Austin, a current member of Target's board of directors, is interim non-executive chair of the board.
"As we seek to aggressively move Target forward and establish the company as a top omnichannel retailer, we focused on identifying an extraordinary leader who could bring vision, focus and a wealth of experience to Target's transformation," Austin says. "The board is confident that [Cornell's] diverse and broad experience in retail and consumer products as well as his passion for leading high performing teams will propel Target forward."
Cornell's appointment as chairman and CEO follows other recent high-profile hires at Target. On June 10, Target named Brad Maiorino as the company's first CISO. Maiorino reports to Bob DeRodes, who was appointed executive vice president and CIO on May 5.