When Home Depot and Target experienced large-scale security breaches on payment systems in 2014, it hit those top retailers hard: Criminals stole millions of consumers' debit and credit card data; the companies lost hundreds of millions of dollars in fines and lost sales; and their brand reputations suffered.
A fear of similar breaches rippled out to the entire retail IT industry and continues to reverberate a year later, said Forrester Research vice president and principal analyst George Lawrie. In a discussion in early 2015 with senior members of the CIO Council of the National Retail Federation (NRF), he said that the high level of concern caused by the breaches had not died down and data security was top-of-mind for the vast majority of attendees. He says, "They emphasized that 'No dollar is too much to protect our customer's data.'"
In an NRF/Forrester report based on those discussions and survey data, Lawrie found that security and governance has become a top priority for retail CIOs as they seek to prevent future breaches, while also trying to deal with the proliferation of new technologies that CMOs and other business colleagues want to introduce, including mobile apps and analytics. The report found CIOs are working to balance putting structures in place to exercise appropriate governance, while at the same time fostering the innovation that creates bottom-line business value as retailers face increasing competition.
"CIOs don't want to be seen as Dr. No, but there needs to be some kind of coordination of what's going on," Lawrie explains. "At the moment, LOB executives are under a lot of pressure to respond to the fact that customers are behaving in different ways, but CIOs need to balance risk against incremental value."
Every retail budget has become an IT budget
This governance balancing act has emerged because over the past five years, every budget within retail has essentially become an IT budget, says Tom Litchford, vice president of retail technology at the National Retail Federation. Marketing, for example, has a budget highly dependent on technology to implement the solutions or applications that retailers want, as they shift their strategy from old-school, cost-cutting thinking to driving a better customer experience.
"IT has fought to get rid of silos and drive governance around technology for decades," he says. But as other departments acquire technology outside of IT, those silos begin to be built again and IT has to step in and make sure the company is not exposing itself to cybercrime issues. "If you lose the customer's trust, you're pretty much out of business," says Litchford. "So, you have to go through the process of setting up agreements with every group acquiring their own IT, to assure that they have the goal of the overall business in mind."