March 31, 2014
In my interview with Dr Pepper Snapple Group’s Rose Kuba-Herbig, she discusses how risk professionals “often are viewed as the ‘naysayers,’ the ‘doom and gloomers,’ or the ‘better nots.’”
The fear of earning one of those distinctions is understandable. Risk managers are the designated worrywarts; it’s their job. And from the looks of the responses we received to this month’s question, many of them are losing sleep over cybersecurity and cyber liability issues.
One need look no further than Target’s mess. In December 2013, the retailer told nearly 100 million of its customers that personal and credit card information had been stolen. Last month, the company released dismal fourth-quarter earnings, which it partly blamed on the data breach, and noted that the breach had cost it $61 million so far. Target executives said that they could not estimate the breach’s future costs, which they described in stomach-dropping phrases like “counterfeit fraud; civil litigation; and governmental investigations and enforcement proceedings.” Ouch.
There are two more important details about this breach that you should know. The first is that hackers gained access to Target’s data via network credentials the company gave to an HVAC partner (that company’s email was hacked). The second? Insurers are already on the hook for $44 million of the costs.
So the next time you see a risk manager, give them a pat on the back—and maybe a bottle of Tums. More than likely, they’ve earned it.