Skip to main content

Secondary navigation:

Carroll School of Management

Cypber Security

Brian C. Cornell

Chairman and CEO, Target Corporation

Excerpt from remarks to Boston College’s Chief Executives Club  

February 3, 2016

TAKEAWAY: Cybersecurity

Audience Member:
Hi. I’m Cliff Scott, New England College of Optometry. What lessons learned would you share with us about data breach?

As you might imagine, over the last 19 months, I’ve answered that question hundreds of times. The only difference is now it’s not the first question. It’s usually second, third, or fourth. I’ll try to be as succinct as possible, because the lessons are important for all of us. While Target, because of the iconic nature of the brand, the size of our company, spent a lot of time as the poster child for this topic, across the room here today, all of us share in this threat. Whether you’re in banking, you’re in retail, you’re in restaurants, name the business—certainly we’ve seen what’s happened in health care and in entertainment—we all have a common enemy.

If we think about our risk maps as leaders, on the very top of that has to be cybersecurity. It’s something that we have to be thinking about 24 hours a day. We’ve certainly learned the importance of making sure we have the right commitment, the right technology to ensure we’re constantly monitoring, we’re always there looking to detect a problem. When problems occur—and they will occur—how do you contain it as quickly as possible and move to remediation?

This is an industry-wide issue. I actually consider this one of the biggest threats to commerce in America. We’ve spent a lot of time, as a company, working with partners in DC to make sure that we can begin to work together more effectively to build the right defense mechanisms, because the people that are challenging us today, I will tell you, are incredibly well funded. They’re extraordinarily well educated. They are organized and looking at ways to impact all of our companies every day. And the threat’s not going to go away.

So as leaders of any business in any sector, we’ve got to make sure that we’re dedicating the time and attention to managing data security. We have to have the right tools and talent in place. But we also have to have a strong partnership in Washington, and we need to figure out ways to defend ourselves against the bad guys. But we’re also working to find ways to make sure they can’t monetize the data as easily as they do today.

One of the great lessons for me and for probably other retailers in this room—others that have been impacted—is this is a very attractive space, if you’re one of those bad guys, because there’s a market for that data, and it gets distributed through very sophisticated channels. People can take those cards. They’re creating their own form of payment. They’re selling it on the Internet or at swap meets on Saturdays. It’s a very attractive business. So we’ve got to stop that as well.

But it’s something that as a company, we think about all the time. We’ve developed a sensational team—great talent and capabilities. But it’s not going away, and it’s something that we all need to be working together to make sure that we share insights, we share lessons learned, and we avoid this becoming a major national issue again.