This is a snippet of late last month. It is clear that Lockheed was trying to get a grip on the incident, which to have been linked to the earlier RSA breach.
Since the start of the year, we've seen numerous high-profile disclosure statements spanning industries as diverse as and . This swath of takedowns can be taken as proof that executives, including CFOs, from every organization need to be on alert and prepared.
While Lockheed spends a good deal of time in its statement talking about IT, just as important is the CFO's holistic view of what a breach -- or even a hint of a breach -- could do to a company's reputation. IT will be laser-focused on security technology, but it is the CFO who has to band together with other C-suite executives to assure stockholders, customers and other necessary parties that the company has a handle on the situation and is in control.
A finds that "the average organizational cost of a data breach increased to $7.2 million [in 2010] and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009." Ponemon researchers added that "organizations' need to respond rapidly to data breaches drove the associated costs higher."
Inspiring confidence in the wake of a disclosure requires significant upfront work. CFOs must be familiar with federal, state and industry privacy laws and their post-breach notification mandates. Organizations should have at the ready a formal statement, a method for notifying customers and possible mitigation plans, such as quickly canceling user accounts or cards and issuing new ones.