[Updated 4/2/16] Here’s a question: Do we as business leaders wish to leave our Enterprise Resource Planning, Customer Data, and Market Data systems security to chance or government? The many endless stories about data breaches and this year’s argument between Apple and the FBI is what begs this question for me. (Here’s where I came down on the Apple thing.)
Security breaches at major retailers demonstrate that business is, in general, not keeping up with the change in how we have become dependent on data. It’s difficult to find any organization today that isn’t directly or indirectly dependent on data processing to one extent or another.
Banks are getting tired of shouldering the responsibility for the financial liability of data breaches. At first, they tried to shift the burden to consumers by pushing debit cards on the public. When they found that there was pushback on their taking their own sweet time refunding purchases on stolen cards, they had to change their policies to protect the public, similar to what they do on credit cards. Some consumers (I am one) refuse to use debit cards.
Now banks are pushing for legislation that will help them share the liability by forcing the weakest link in the retail chain to pay for the fraudulent transaction. I don’t blame them. It seems only fair. If Target, Staples, Walmart, and the like can’t secure their transactions, why should the consumer or the bank pay?
I assume that the consumer will, as usual, suffer in the beginning until the system straightens out. I also believe that we will all bear the cost of putting in new, more secure systems – like the long-overdue Chip and Pin system used in other countries for years.
However, while the retail business will undoubtedly be forced to change soon, the Sony security breach makes it clear we all have work to do, investments to make, and systems to implement. It is also clear that if we do not “step up our game,” our businesses will be susceptible to significant financial losses along with a loss of reputation and brand.
For some companies, this new focus on security will be an opportunity, since that is the service they provide. It will be up to the rest of us to make use of in-house and out-sourced talent to do our best to keep up with the demands of this information age economy.