The way IT is perceived in the enterprise from now on may come down to whether you see Beth Jacob as a victim, a failure, or both.
When the CIO of Target stepped down following a data security breach that made headlines around the world, even Reuters was paying attention. “CIOs are in the spotlight,” said a story that was picked up in a slew of media outlets. Though Target told Reuters that Jacob’s resignation was her own decision, it was difficult not to see it as an admission of something, or at least a willingness to be the scapegoat. However that move would have profession-wide consequences.
“CIOs from companies in all lines of business, including retail, banking and drug discovery, are using the Target breach as a rallying point to call attention to their struggle and garner additional funds and manpower to fight digital threats,” Reuters reported. “For a host of companies, the Target breach was a pivotal event that permanently altered the way they approach data security. Many CIOs say they’re receiving more support, but they say the trade-off is that they’re facing increased scrutiny from their CEOs and other executives. If their fortress walls fall to hackers, their jobs will be on the line.”
For those a bit closer to the IT industry there were even deeper issues to contend with. Jacob was among those CIOs to have come primarily from an operational or business background. In other words, she is the kind of person who is increasingly expected to take on IT leadership. Given the volume of customer information accessed or lost in the Target breach, some companies may return to the idea that CIOs need a solid grounding in computer science of some kind.
For others, Jacob’s fall may suggest that failing to secure adequate resources to protect corporate data is reason for dismissal. In fact, I increasingly hear from CIOs that although they’re prepared to try and do more with less, there is a threshold on “less” many are beginning to reach. Should Jacob really be the fall guy when the conventional wisdom is that major IT investments require top-level executive buy-in?
Unfortunately I foresee not only Target but now Jacob’s name being used in countless presentations at security conferences — and even leadership conferences — as proof of a point someone wants to make. It’s important to remember how much we don’t know about what happened at Target. This includes not only the techniques of the hackers but the internal politics that may have set Jacob up for a catastrophe in the first place. This is a story that will be interpreted in many different ways. CIOs will need to have their own answer ready when their senior management team asks them for how they would have handled the Target situation, but they can probably all agree they don’t want to end up like Beth Jacob.