CEOs are no longer safe


If any company embraced the ethos of “any publicity is good publicity,” it was Avid Life Media. The operators of extramarital affairs website Ashley Madison received little but criticism over their morally questionable services, which surely played a role in the website’s eventual growth to over 37 million accounts across 53 countries. When the company made headlines earlier this year, its ethos was pushed past the breaking point, resulting in a panic among customers, multiple class action lawsuits and the eventual resignation of CEO Noel Biderman.

A massive data breach resulted in the account details of its 37 million users being released publicly online. Biderman himself came under massive scrutiny for the security breach and was even personally targeted by the hackers, who also included his personal emails in the data dump. Biderman’s resignation was announced by the company just one month after the attack, though the former CEO remained a figure of controversy for much longer.

Biderman was far from the first CEO to fall on the sword following a cyber security breach. A 2011 breach at US security firm HBGary left then-CEO Aaron Barr in a similar situation. The breach was performed in retaliation after Barr told the Financial Times he would be revealing the identities of some of the “leaders” of hacking group Anonymous. Members of the group responded by obtaining and releasing 71,800 of his private emails online, as well as defacing several of his online profiles. Barr responded by stepping down from his position at HBGary, in hopes that keeping his distance from the company would allow it to dissociate itself from the bad press he had attracted.

“Given that I’ve been the focus of much of the bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that,” he told Threatpost. “I’m confident they’ll be able to weather this storm.”

Even CEOs who weren’t personally targeted have been forced to step down after data breaches, such as former Target CEO Gregg Steinhafel. After the credit card details of 40 million shoppers and the personal details of 70 million customers were breached, Steinhafel was quickly replaced. Though he lacked the controversial image of Biderman and, unlike Barr, was free from the scorn of hackers, he was still unable to retain CEO status.

CEOs simply aren’t safe anymore when a cyber security breach occurs. With hackers finding new opportunities to breach databases, the trend is unlikely to come to an end anytime soon. In an article on 2016 predictions in the cyber security field, Steve Katz, the world’s first chief information security officer (CISO), said he suspects the growing number of examples will lead companies to place greater focus on cyber security, leading to the rise of the chief information risk officer (CIRO) role.

The CIRO’s duties go beyond security, with an emphasis on managing risk and reporting directly to the CEO. With cyber security breaches becoming more common and CEOs often falling as a result, perhaps enterprises can’t afford not to embrace the role of the CIRO.

Regardless of the solution companies choose, it will be interesting to see how they deal with the security breaches that will inevitably occur next year and beyond – and how the fallout will transform the cyber security landscape.