A Major Business Incident
A business incident is a discrete business occurrence or business event that arises out of something significant. These untoward events lead the business towards a loss, disaster or damage. Many organizations have an incident management team to deal with such business hazards and apart from correcting the hazards, they also aid to prevent a future re-occurrence. According to a news article by The New York Times, cyber attacks are at an increasing level and are a growing threat to any business drastically. According to the FBI, cybercrime has been ranked as the top law enforcement activity in the United States and there have been a number of major business incidents around the world because of cyber attacks (Granville 2015). Many of the world’s developed economies are spending millions of dollars for achieving cyber security to protect the business of their countries, including Australia. The present essay will discuss one major business incident that took place in the December of 2013 in the United States, named Target. It was one the largest data breach to be ever reported and this essay will describe the incident and analyze the way the company handled the issue after it happened.
The Target data breach had a phenomenal effect on the customers of Target Corporation USA because 70 million customers were affected by this data breach. The hackers stole the records of 40 million debit and credit cards from the customers of Target and personal information like mailing address and emails were also stolen from 70 million customers (Young 2013). The hackers installed malware on the network of the company that helped to siphon the information of the customers and it happened during the period of holiday shopping for Christmas. This was a massive blow to the business of Target as the profit for that quarter fell by 46%. Forbes interviewed the Chairman of the retail corporation Gregg Steinhafel regarding this major cyber breakout and he responded by apologizing to their customers. He expressed his repents and said that understanding the gravity of the situation is important to prevent the re-occurrence of such mishaps. This business incident hit the business so badly that there was a decline in the sales from 2% to 6% and the prices of its share fell in the range of $1.20 to $1.30, as against the previous anticipated higher prices during that quarter, as it happened to be a holiday season (Forbes.com 2016). Target Corporation happens to be the second largest retailer in the United States and during the Christmas season, the business soars high. Arguably, it can be said that Target Corporation did not take enough precautions to prevent a data breach and the applied intervention was not sufficient to stop the hackers from reaching the customer data. Apart from the financial loses, the retailer also lost its reputation and this was something that hit the worst. Customers were alerted, the sales decreased marginally and it was reflected severely on the profit of the company (Reuters 2015). The impact of the breach in the financial market was huge and CNN money looked into the matter with a closer perspective after the business incident happened. The spokesperson of Target Molly Snyder was interviewed and she revealed that there was unauthorized access to the Target database and they retail company identified the breach and resolved it accordingly. In another interview, the security researcher Brian Krebs reported that the thieves gained their access to the data recorded on the magnetic tapes of the cards of the shoppers and created counterfeit versions of the cards (Staff 2016). Most of the major credit card organizations monitored the situation, encouraged and educated their customers to report the fraudulent charges at the time of detection. After such a massive data breach, the hackers intend to sell the obtained information in bulk on the black market for making duplicate debit and credit cards by the crime rings. Further, the fake cards can be used in the major retail stores to but gift cards and eventually convert them into cash. By this process, the customers will be on a verge to lose a huge amount of money and since Target Corporation is directly involved in this fraud case, the business incident was big enough to generate a big statement of loss in the financial reports of the business for that particular quarter. USA Today reported that as much as $50 million is lost every year due to data breach and because of this, the businesses suffer greatly. Almost 85% of businesses in the United States experience the threat of data breach and continue to seek methods to protect its business and customers from the threats of malware (USA TODAY 2016). If considered from an alternative point of view, it can be said that the businesses are struggling for the implementation of the appropriate controls and policies that are required for mitigating the financial, regulatory and legal risks that are associated with the failure to customer security. This is the case of both the cases of before and after the occurrence of a data breach. Ignoring the threats of cyber attacks is another way to discount the corporate reputation and customer reputation on a long-term basis. From the collected facts and information, it can be stated that data breach can be extremely costly for business. The severity of the incident can be felt from the fact that two of the US senators came up with the investigation demands for the breach. The security measures of Target were also questioned as whether they had employed appropriate and reasonable measures for protecting the personal information of the customers. Based on these allegations, several plaintiffs filed lawsuits against the retail corporation demanding proper justice to the affected customers (CNBC 2014). Analyzing these facts, it can be said that arguments can be developed from this case of the business incident whether it was the fault of the organization of not taking care of its data security measures or the hackers had advanced malware to break into the well-guarded security system of the retailer. Intense investigations were carried out to bring up the truth however, it was Target Corporation who lost its corporate brand value, share value, customers and reputation after the business incident.
After the incident, it was very important for the company to handle the issue. Since it was a huge data breach, the retailer had to reimburse the loses to the sufferers. $67 million was the amount the retailer had to reimburse the financial institutions. The company tied up with Visa and Master Card incorporations to payback the debts, on behalf of the banks. In addition to this, $10 million was paid by Target to the customers who were hacked for settlement of a lawsuit (International Business Times, 2014). The CEO of Target Corporation Gregg Steinhafel addressed to the media apologizing for the loss, estimated the damage and assured protection for future transactions and compensation for the loss. Security experts were hired from Verizon for probing the weakness in the network. However, the results of the investigation were confidential and were never revealed as 40 million credit and debit cards were stolen (Edelson 2013). The company declared that they had created new teams by bringing in new leaders and opened a center for cyber fusion. The retailer pledged to become a world leader in cyber security to infuse back the confidence of its customers. The company decided to lay off 475 employees and left 700 positions vacant (Ellis 2014). For boosting up the morale of the employees, the company allowed its employees to have a casual dress code to get over the stress. $100 million was invested to update the technology to prevent the re-occurrence of the business incident and finally, the CEO of the company Gregg Steinhafel resigned (Kashmiri, Nicol and Hsu 2016).From all these facts, it is quite evident that Target handled the situation with extreme cautiousness. Analyzing the post-incident situation, it can be stated that the wisdom and process of learning from such business incidences are incontrovertible. These business incidences are nothing but accidents, either due to negligence or unintentional (Aoyama et al. 2015). The retailer took the straightforward path to compensate the customers, laid off employees and leverage the security arrangements to prevent future mishaps. However, it can be argued that the company could have taken an alternative way to deal with the situation. The retailer could have reflected on where did they went wrong and assigned a team to undertake the investigation followed by generation of an investigation report to avoid future incidences. It could have retained its employees rather than laying them off as it would have boosted their morale and confidence to prevent future incidences. Incidences should not be viewed as a bad situation as for some organizations it is bad, for some, it is inevitable and even sometimes it is good. In this case of Target Corporation, the incident was inevitable as the hackers installed a malware in the billing system but the company should have taken it a challenging opportunity for learning and implementing safe cyber security practices. Rather, the company took it as a threat and the aftermath ended with the resignation of the CEO. After such a major incident, communication is the prime step that has to be taken by an organization on both the internal and external phases (Vlietland and Vliet 2014). From the substantive point of view of the facts, Target did communicate with its customers and clients and addressed the press about the data breach. Next step is the determination is the cause of the incident taking into consideration the entire data traffic and network recording. Target hired a team of professionals to analyze the cause of the incident and detected the malware that caused the trouble. Next, the company should focus on the future relapse of such incidences by boosting up its security arrangements (Kenealy 2014). Target did the same by setting up a cyber fusion center and pledged to become a leader in the prevention of security breach. Implementation of the proactive technologies is crucial after the occurrence of a data breach incident and therefore, Target did exactly that was desirable in such a situation. Arguably, it can be said that dealing with a situation like data breach can be stressful and the organization apart from realizing its seriousness should trust its employees in retaining the private information of the company. Possibilities do exist that the employees laid off by Target could reveal the private information of the organization and such incidences of a data breach can be repeated in future. Prevention of business incidences should be the ultimate goal of an organization after an incident has taken place and Target was successful in following the trait. One of the most important aspects of business incidents is the initiation of blame game within the organization that further aggravates the intensity of the situation. Faults and failures are inseparable aspects of an organization and a blame game can psychologically harm the people associated with the incident (King 2014). Target did not follow this path of blame game and therefore, it was successful in coming out of the stressful situation without any information about internal clashes.
From the substantial facts and analysis, it is evident that data breach can be a major business incident and it imparts a deep impact on the business. The company suffers not only financially but also its reputation is on a stake. To add to the list, it loses few of its valuable employees along with the main accused of the damage. The incident management team of the organization needs to exhibit their professionalism, effectiveness and efficiency to demonstrate the damage control. Building up of an appropriate and robust incident process can cause less pain to the organization if any such incidence occurs. Such a process can benefit the organization by continuous supply of security against cyber crimes and prevent such major business incidences in future. Data breaching is rising in Australia as well and the Australian business is no safer. The Australian privacy laws are being framed to prevent the occurrence of data breach as it costs the business heavily.
Aoyama, T., Naruoka, H., Koshijima, I. and Watanabe, K. 2015, “How Management Goes Wrong? – The Human Factor Lessons Learned from a Cyber Incident Handling Exercise”, Procedia Manufacturing, vol. 3, pp. 1082-1087.
CNBC. (2014). Painful lessons from Target’s massive data breach.
Crosman, P. 2013, “40 Million Target Data Breach Has Become a Card Data Fire Sale: Krebs”, American Banker,vol. 178, no. F349.
Edelson, S. 2013, “Pin Numbers Stolen In Target Data Breach”, WWD, vol. 206, no. 131, pp. 6.
Ellis, K. 2014, “Sens. Step Into Target Data Breach Probe”,WWD, vol. 207, no. 10, pp. 2.
Forbes.com. (2016). Forbes Welcome.
Granville, K. (2015). 9 Recent Cyberattacks Against Big Businesses.
International Business Times. (2014). Timeline of Target’s Data Breach And Aftermath: How Cybertheft Snowballed For The Giant Retailer.
Kashmiri, S., Nicol, C.D. and Hsu, L. 2016, “Birds of a feather: intra-industry spillover of the Target customer data breach and the shielding role of IT, marketing, and CSR”,Journal of the Academy of Marketing Science.
Kenealy, B. 2014, “ORGANIZATIONS STRUGGLE WITH EVOLVING CYBER THREATS; Target data breach changes perception of risk for all organizations”, Business Insurance, vol. 48, no. 10, pp. 17.
King, W. 2014, “How Financial Partners CU Reacted To Target Data Breach”, Credit Union Journal, vol. 18, no. 6, pp. 1.
Reuters 2015, Ruling Allows Banks to Sue Target Over 2013 Data Breach: Brief, Late (East Coast) edn, New York Times Company, New York, N.Y.
a name in assignment writing services that
students trust. We offer our assignment writing services for a wide variety
of assignment including essays, dissertations, case studies and more. Students can place
their order with us anytime as we function 24×7, and get their copies at
unbeatable prices. We guarantee that all of our solutions are plagiarism-free.