August 4, 2014
By Marc Fogarty, CPA, CFE
In a previous blog on Cyber Security and Instilling Investor Confidence, I said, "Only time will tell whether Target’s response to their customers and their investors will have a positive impact in instilling confidence in the brand." Maybe that time has already arrived, as some are saying “the data breach was disastrous for the company,” while others see some merit in recent actions and lessons to be learned.
Let’s look at the facts…
After the breach, there were several immediate response tactics that Target took to instill brand confidence, such as a 10% discount the weekend following the reported breach and a free year of credit monitoring for customers. Even so, the stock price did dip considerably from January to February. However, by the end of February, there was a stock price recovery that almost reached pre-breach levels.
Target’s stock price has shown a rocky road of ups and down since then, with another noticeable dip towards the end of May. This dip interestingly occurred shortly after it was announced that CEO Gregg Steinhafel was stepping down and Bob DeRodes, who was formerly of Homeland Security, was to be the new CIO. Perhaps these changes, which were meant to instill investor confidence, did not immediately produce the desired effect.
There are other ongoing changes that Target is making to respond to the issue. If you go to the Target investor relations website, there is still a prominent area addressing “Response & resources related to Target’s data breach.” In April, Target announced that, starting in early 2015, all Target branded credit cards and debit cards would have MasterCard’s chip-and-PIN technology to enhance security. On June 10, Brad Maiorino was announced as chief information security officer, reporting to Bob DeRodes. Mr. Maiorino used to work for General Motors and, as stated by the Target press release, was “…responsible for leading the transformation of the company’s global information security and IT risk organization.”
Target’s proactive stance on security upgrades and corporate restructuring may have also had a positive effect on consumer confidence. Target did not see a sharp decline in consumer sales in the first quarter. In fact, Target’s first quarter U.S. sales increased, albeit very minimally, over last year. But Target did report an overall net loss because there were a lot of expenses related to the data breach and measures taken to prevent future security breaches.
From the stock market stats and the first quarter earnings report, it’s still not clear whether the Target data breach and their response has been ‘disastrous’ for the company. When you look past the hype, there is a lot to be learned from Target’s recovery process: This can help companies in evaluating their own risk management plans.