How the Target CEO resignation will affect other execs' security views

May 5, 2014

Brandan Blevins

Target Corp. announced today that CEO Gregg Steinhafel has stepped down from his position, effective immediately, less than five months after it was discovered the retail giant had been struck by a massive data breach.

Industry observers said Steinhafel's de-facto ouster may be a turning point for enterprise information security's importance in the C-suite, proving that CEOs must take infosec seriously -- or face the consequences.

The Target data breach saga -- resulting in the loss of approximately 40 million payment cards and the personal information of up to 70 million customers -- has embroiled the retail giant since its discovery. Facing dozens of lawsuits, several congressional hearings, and a stock that as of press time had fallen 5.6% this year, Steinhafel seemed unable to move the company past the public relations hit it suffered as a result of the incident.

In a statement this morning, Target's board of directors thanked Steinhafel, a 35-year veteran of the company and CEO since 2008, for his service, and said that current CFO John Mulligan would be taking over as CEO in the interim. Target director Roxanne Austin will assume Steinhafel's board of directors' responsibilities as interim non-executive chair.

"Most recently, Gregg led the response to Target's 2013 data breach. He held himself personally accountable and pledged that Target would emerge a better company," said Target's board in a statement. "We are grateful to him for his tireless leadership and will always consider him a member of the Target family."

Steinhafel's resignation follows on the heels of former Target CIO Beth Jacob's exit in March. Jacob was reportedly the executive meant to be overseeing the company's IT security program, as the company had never created the position of CISO. Bob DeRodes, Jacob's replacement and a long-time tech executive, has been tasked with handling Target's ongoing security efforts, including the hastened switch to a chip-and-pin payment infrastructure.