There was much press this week about Target’s CEO and Chairman, Gregg Steinhafel, being forced out. Blame reached the top job after the successful cyber attack on Target last year. But null to a mounting global problem.
Cyber security is a problem for every company
Richard Clark is probably the USA’s foremost authority on cyber attacks. He was on America’s National Security Council, and headed the counter-terrorism section. Since leaving government he has increasingly focused on cyber attacks, and advised corporations.
In early 2013 I met Mr. Clark after hearing him speak at a National Association of Corporate Directors meeting. He was surprisingly candid in his comments at the meeting, and after. He pointed out that null . He said it was impossible to do business without working on-line, and simultaneously it was impossible to think any company – of any size – could stop an attack from successfully getting into the company. The only questions one should focus on answering were “How fast can you discover the attack? How well can you contain it? What can you learn to at least stop that from happening again?”
Target was a crime victim, as can happen to any company
So, while the Target attack was large, and not discovered as early as anyone would like, to think that Target is in some way wildly poor at security or protecting its customers is simply naive. Several other large retailers have also had attacks, include Nieman Marcus and Michael’s, and it was probably bad luck that Target was the first to have such a big problem happen, and at such a bad time, than anything particularly weak about Target.
We now know that all retailers are trying to learn from this, and every corporation is raising its awareness and actions to improve cyber security. But some company will be next. Target wasn’t the first, and won’t be the last. Companies everywhere, working with law enforcement, are all reacting to this new form of crime. So firing the CEO, 2 months after firing the CIO (Chief Information Officer), makes for good press, but it is more symbolic than meaningful. It won’t stop the hackers.
Investors and customers have a lot to lose given Target’s competitive performance
Where this decision does have great importance is to shareholders and customers. Target has been a decent company for its constituents under this CEO, and done far better than some of its competitors. The share price has doubled in the last 5 years, and Target has proven a capable competitor to Wal-Mart while other retailers have been going out of business (Filene’s Basement, Circuit City, Linens & Things, Dots, etc.) or losing all relevancy (like Abercrombie and Fitch and Best Buy.) And Target has been at least holding its own while some chains have been closing stores like crazy (Radio Shack 1,100 stores, Family Dollar 370 stores, Office Depot 400 stores, etc.)
Just compare Target’s performance to JCPenney, who’s CEO was fired after screwing up the business far worse than the cyber attack hurt Target. And he was a former hero running Apple’s retail stores.
Or, look at Sears Holdings. CEO Ed Lampert was heralded as a hero 6 years ago, but since then the company he leads has had 28 straight quarters of declining sales, and closed 305 stores since 2010. The Kmart division has become a complete non-competitor in discounting, and Sears has lost all relevancy as a chain as it has been outflanked on all sides. CEO Lampert has constantly whittled away at the company’s value, and just this week told shareholders that they can simply plan on more store closings in the future.
And vaunted Wal-Mart is undergoing a federal investigation for bribing government officials in Mexico to prop up its business. Wal-Mart is constantly under attack by its employees for shady business practices, and this year lost a National Labor Relations Board case regarding its hours and pay practices. And Wal-Mart remains a lightning rod for controversy as it fights with big cities like Chicago and Washington, DC about its ability to open stores, while Target has flourished in communities large and small with work practices considered acceptable.
Finding a good replacement for Steinhafel will not be easy
CEOs, and Boards of Directors, across the nation have been seriously addressing cyber security for the last couple of years. Awareness, and protective measures, are up considerably. But there will be future attacks, and some will succeed. It is unclear blaming the CEO for these problems makes any sense – unless there is egregious incompetence.
Now, null . Destroying KMart, while battling Wal-Mart, and still trying to figure out how to compete with Amazon.com is a remarkably difficult job. Perhaps the toughest CEO job in the country. Steinhafel had performed better than most. Investors, and customers, may soon regret that he’s not still leading Target.