In response to the news that banks are gearing up for a big fight with retailers over who covers the cost of cyber attacks, after they paid most of the bill for breaches that they blamed on retailers’ own security deficiencies, Phil Lieberman, CEO of Lieberman Software Corporation, writes:
“This is a great example of the pot calling the kettle black. The card issuers in the USA have been fighting tooth and nail to inhibit EMV chip technology for the last decade, and then blaming the retailers for card not present (CNP) fraud caused by the lack of EMV technology on their part. On the other hand, many large retailers have engaged in a pattern of egregious disregard for the most basic elements of security that EMV adoption will have no effect on improving (think email and customer lists).
The retailers that have been publicly breached (repeatedly in some cases) have wretched to non-existent IT security and have had little to no regard for the personal information of their customers. The behaviour of some retailer CEOs makes it clear that they could not care less about the consequences of mass disclosure of personally identifiable information (PII). This reckless behavior has been allowed by the government and the financial penalties to date have been inconsequential, thereby emboldening other retailers to be even more lax in their care of customer information than normal due care would demand.
For most retailers, IT security is seen as a reactionary spend to resolve point-in-time incidents. With the form of IT being a cost centre that is seen as a place to continuously reduce costs, the idea of investing in security unless absolutely mandated is seen as a waste of resources by many CEOs. For many CEOs the idea of investing in cyber security is seen as a waste of shareholder profits.
It is clear that now is the time for the legislature to put down some bright lines and serious consequences for CEOs that disregard the rights of their customers by not investing in security as well as process to secure the personal information of their customers.”