Should someone be fired for a cyber breach? And if so, who?

Should heads roll for a cyber breach? And if so, whose head?

Those were questions raised this week with the news that Austrian aerospace parts maker FACC had fired its CEO after a staffer fell for the so-called business executive scam: an employee transferred about US$50 million to an account for a fake acquisition project on the strength of a phony email request that appeared to come from the chief executive.

He was the second to go: In February the chief financial officer was bounced.

According to Reuters, the firm’s supervisory board decided at a 14-hour meeting on Tuesday to dismiss CEO Walter Stephan with “immediate effect.”

If the fraud sounds familiar, it is. In March, news reports emerged that a year ago toy maker Mattel Inc. nearly lost US$3 million when a senior finance official fell for almost exactly the same scam — an email supposedly from the CEO asking that money be wired to China, this time for a new vendor. The money was sent. Fortunately it happened on a long weekend in China and the receiving bank was closed for three days. Police got there in time to stop the transaction.

In this case it was hard to fault the financial official. The company had controls to stop this kind of fraud, a rule that two people had to approve such transfers: She was one, and the CEO was the other …

Well, Mattel got lucky. FACC reportedly stopped only about US$10 million of the transfer.

These are, of course, not only executive frauds but also spear phishing attacks. But they raise the question of who is responsible if they succeed. If a regular employee clicks on a link or an attachment and downloads malware, many organizations would forgive the staffer, at least for a first offence. Some would discipline. However, most organizations should (hopefully) have controls over the movement of large sums of money.

Why the CEO and CFO of FACC walked the plank isn’t publicly known, and Austrian labour and contract law aren’t the same as ours. Was it to appease shareholders? Were financial controls ignored? Were executives warned to have controls, and was management slow in writing them?

Certainly when executives are let go at publicly traded companies it’s public. Most private companies have the luxury of quietly easing someone out the door, although Canada’s Avid Life Media — which had been trying to go public — let it be known that CEO Noel Biderman resigned after the huge Ashley Madison breach. Some CEOs keep their jobs seemingly because boards figure other companies are breached, so it’s just one of those things. Others, like Target’s CIO, resign amid news reports that the retailer’s IT security systems actually warned of an intrusion.

Regardless, the FACC firings got headlines — and C-level officials around the world are reading them. Hopefully they are taking security more seriously. But does it take a high-level firing to get their attention?

Should someone be fired over a breach? Let us know what you think in the comments section below.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
