A WSJ profile of Target CIO Michael McNamara outlined the retail giant’s shift in IT strategy following the damaging 2014 data breach—from outsourcing functions like software development to hiring more in-house technologists, or what the industry refers to as “in-sourcing.”
In a retail environment that has quickly shifted towards digital and is dominated by larger players Walmart and Amazon, executives like McNamara and Target have to move fast to roll out digital tools that eliminate friction for the customer, anticipate their needs and create a better overall experience—outside the store.
The profile and anecdotal stories about Target’s tech strategy provide insight into how much technology has transformed the retail sector. As Target Chairman and CEO Brian Cornell states in his 2018 letter to shareholders, “Digital channels continue to play a key role in our overall sales growth. In 2018, comparable digital sales grew 36 percent, capping the fifth-straight year in which our digital growth has topped 25 percent. Today, Target’s digital performance is delivering more than $5 billion in annual sales—and driving additional growth across the business.” A majority of the company’s overall sales growth now comes from digital sales (Q3 report).
In this era of digital transformation and deceleration of in-store traffic, technology plays an indispensable role in a retail company’s pursuit of sales growth. This makes sound business sense, considering Target’s and other traditional brick-and-mortar retailers’ collective need to wrest away a larger piece of the fast-growing digital commerce pie from Amazon.
But, from a Cyber-Financial perspective, too many companies are not doing enough to prioritize security when aggressively expanding their digital footprints in pursuit of growth. We are not comparing either the cyber or business performance of Target and Macy’s, but our recent note on Macy’s outlines the downside risk of not investing sufficiently in security amid the digital race in retail. Looking at Target, while Cornell rightly emphasizes the company’s digital sales growth and McNamara calls attention to customer benefits, cybersecurity merits little discussion in the 2018 annual report or recent quarterly reporting. This is not surprising absent mandatory cyber risk disclosure as part of financial reporting, despite the increasing recognition of cyber as a top business risk.
C-suites and boards are increasingly struggling with how to strike the balance between growth, cost, and security amid increasing technology investment and the pressure to digitally transform. For shareholders of a company that previously experienced a costly breach that erased more than $100MN in shareholder value, the risk of sacrificing security in the name of growth and cost should be clear.