Ashley Madison members who had their hacked information disclosed are not the only people that have had a bad month. Last week, Noel Biderman, the CEO of Ashley Madison, stepped down because of the damage done by the data breach. Ashley Madison’s parent company, Avid Life Media, did not provide reasons for Mr. Biderman’s departure beyond a company statement that read: “This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees. We are steadfast in our commitment to our customer base.” The Ashley Madison breach raises concerns for corporate executives related to cybersecurity.
The Cybersecurity Buck Stops with Executives
If it had not been clear already, executives are typically held responsible for a data breach at their company. In addition to the Ashley Madison breach, a number of other corporate executives have recently seen their careers abruptly ended by a data breach. For example, the co-chairwoman of Sony Pictures, Amy Pascal, resigned in February 2015 after Sony’s massive breach. Likewise, Gregg Steinhafel, Target’s chairman and chief executive, resigned from Target after Target’s data breach. These incidents demonstrate that accountability for a data breach rests squarely with corporate leaders.
A Breach Can Also Disclose the Corporation’s Dirty Secrets
If accountability for cybersecurity is not enough to keep executives up at night, the troubles at Ashley Madison demonstrate that a breach is not limited to sensitive customer information but can also disclose private corporate information. It is reported that Mr. Biderman’s demise at Ashley Madison is also tied to corporate information and emails indicating Ashley Madison engaged in questionable business practices. Similarly, the departure of Amy Pascal from Sony Pictures is tied to the fact that emails in which she reportedly joked about President Obama may have called her leadership into question.
While there are many lessons to be learned from the Ashley Madison breach, corporate executives should use this breach as a guide to what can go wrong if they don’t make cybersecurity a priority. The obvious concern is making sure data stored by their corporation is protected from outside hackers as well as from threats inside the company. And, as Mr. Biderman learned the hard way, executives should limit the amount of valuable data stored by the company. This latest breach provides another reason for executives and their employees to read each email before they hit send and each document before they hit save.