The first major task for Alex Baldock as Dixons Carphone CEO is to navigate the business out of its data breach black hole, but there’s an opportunity to set a cybersecurity agenda for the wider retail industry.
I wonder what new Dixons Carphone CEO Alex Baldock is thinking, right now.
He made his thoughts quite clear during the electricals retailer’s first trading update under his leadership in May, effectively slamming the previous regime by saying the company was “nowhere near” making the most of its strengths and that “nobody is happy with our performance today”.
But in the months since, the company has revealed a major data breach, where approximately ten million records containing customers’ personal data may have been accessed in 2017. There is evidence to suggest some of this data may have left the company’s systems, and even though these records do not contain payment card or bank account details, and no related fraudulent activity has been reported, it’s clearly a massive concern for all involved.
I wonder if Alex Baldock had wind of the news in May before it was officially announced, and during the trading statement, which also involved the issuance of a profit warning, he was displaying his anger towards the former senior team in control at the time of the breach.
Led by then-CEO Seb James, who recently started his new job as managing director of Boots, Dixons Carphone showed strong momentum for several years as it built a leading position in the UK electricals market thanks to the coming together of Dixons Retail and Carphone Warehouse – and the lack of big box rivals. The fact the data breach occurred under the James regime does put something of a black mark next to his tenure, despite the progress made by the business at that time, and Baldock’s first key role as his replacement is to pick up the pieces.
When accepting the CEO position at the start of 2018, Alex Baldock – who had previously spent six years turning Littlewoods owner Shop Direct from an old-school catalogues business to a thriving digital operation driven by popular websites such as Very.co.uk – spoke of building on James’ achievements and his excitement at getting to know the Dixons Carphone people and the retailer’s customers. He’ll certainly be getting to know the IT and business teams very closely, as he leads an investigation into what caused the data breach and puts processes in place to prevent it from happening again.
And he’ll certainly be getting to know the customers, although perhaps in a way he hadn’t expected initially, as the company embarks on a strategy of contacting all shoppers who had their personal data compromised to apologise and advise on steps they can take to protect themselves.
C-security is c-level issue
The truth is that Alex Baldock needs to own this problem and be the driving force behind fixing it and protecting his organisation from future cyberattacks.
Back in 2014 when I was editor of the online trade title, Essential Retail, we ran a series of articles from professional services firm Alvarez & Marsal (A&M), with one key consistent theme being that cybersecurity needs to be made a board-level issue.
Ian Woosey, a director at A&M at the time, said the retail sector was long overdue in acting on the emerging issue of cyber risk and that the CEOs who did act would be the ones who successfully jumped ahead of the competition. He advised they sponsor proactive, enterprise-wide cybersecurity programmes that protect customer and business data, rather than waiting until an attack has happened before addressing it.
Prevention is always better than cure, and cybercrime is certainly no longer something that can be deemed an IT problem. But there is still a lot of work to do to raise its importance within retail boardrooms.
Although, the fact retailers such as Adidas, Macy’s, Sears, and Whitbread – like Dixons Carphone – have experienced breaches in the last 20 months, there does appear to be evidence senior teams are building defences. A recent blog from Jennifer Adams, senior forecast analyst at Forrester, suggests that things are moving in the right direction.
Adams says security and risk decision makers are spending more on application security and increasing deployment of application security tools in response to threats. Four out of ten global security decision makers indicate they planned to increase spending on application security in 2018, according to the analyst, while Forrester is expecting spending on application security solutions to grow to $7.1 billion by 2023, up from $2.8 billion last year.
I’d argue that this upturn in security spend is long overdue.
For Alex Baldock, though, the way he handles the situation over the coming months has the potential to set an example for other CEOs to follow. I’m sure when he took the job in April his major plans were to reduce silos in the business, drive innovation and efficiency through data and analytics, and technology, and improve sluggish sales in the company’s mobile phone division.
But right now his greatest achievement will be in successfully navigating the retailer out of its current cyberattack-influenced state while building up customer confidence in the brand in the process.