The News: Cybersecurity provider Imperva loses its CEO following a data breach announced on August 27th that impacted the email addresses and passwords of more than 13,000 customers. Chris Hylen stepped down from his role as CEO last week, and chairman Charles Goodman will step in in an interim role until the search for a replacement is complete. Read more at Channel Futures.
Imperva Data Breach has Consequences for CEO
Analyst Take: The topic of the Imperva data breach caught my eye this morning on the news of the CEO exit. When a cybersecurity vendor offering “best-in-class” solutions to protect data and applications suffers a data breach, it’s more than a little difficult to maintain credibility—among customers and in the marketplace as a whole. The Imperva data breach was discovered to have occurred while the company was migrating its user base to AWS. A compromised AWS API key was identified as the access point and the compromised database stored customer email addresses, hashed and salted passwords, API keys, and TLS keys.
In the aftermath of the August discovery, the company rotated 13,500 SSL certificates, regenerated some 1,400 API keys and changed 13,000 passwords, and of course notified clients While investigations have thus far not shown any malicious activity targeting customers as a result of the breach, the hit to the company’s reputation is a substantial one. And the CEO is paying the price.
The Imperva – Thoma Bravo Back Story
Founded in Israel and headquartered in Redwood City, CA, Imperva develops and sells information security software for web apps and databases, on-premises, in the cloud, and across hybrid environments. The company has offices in both Redwood City, CA and in Tel Aviv and central Israeli’s Rehovot.
Acquired by Thoma Bravo, a private equity firm focused on the software and technology-enabled services sectors in mid-January 2019 for $2.1 billion, the acquisition was touted as bringing next-level strategic expertise to the company, enabling a new chapter and accelerating what a period of rapid growth.
Mad Props for Transparency in Communicating the Breach
Cybersecurity breaches happen daily and many organizations do a poor job of communicating about the breach, both internally and externally. There’s a right way to do this, and a wrong way, and the right way is to take immediate steps to fix the problem and also communicate what you know as quickly as you know it. Trust and transparency are highly valued, by customers, the industry, and the media. This detailed update and explanation by Chris Hylen, posted on the Imperva company blog is an excellent example of what to do when a breach happens to you.
The Cybersecurity Business isn’t a Stress-free One
The cybersecurity business takes no prisoners. It’s stressful and demanding, and that is not likely ever going to change. And today’s CEOs should take heed. Cybersecurity isn’t just the responsibility of the CISO or CIO, it’s the responsibility of the organization’s leadership as a whole, from the boardroom, through the C-suite, to the entire employee base.
There is increasingly little to no room for error, as we see in a situation like the Imperva data breach. While Hylen most assuredly didn’t play a role in the migration to a cloud-based database service, when you’re the CEO you bear the responsibility for the credibility of the company—and it’s no surprise to see him stepping down. This should be an attention-getter for anyone at the helm of an organization, especially one operating in the cybersecurity space.
Cybersecurity Should be one of the Fundamental Pillars of Business Strategy
The cybersecurity landscape is a highly competitive one. Imperva’s competitors include top competitors like Netskope, CipherCloud, and Protegrity, along with industry heavy hitters like McAfee, Juniper Networks, FireEye, Barracuda, and Qualsys. This is a crowded space and will continue to be highly competitive and situations like this on the part of Imperva open up a competitive advantage that can be easily leveraged by competitors.
That’s where the role cybersecurity as one of the fundamental pillars of business strategy comes in. There’s almost nothing more important within an organization than security. Accidents happen, but they can also cause serious damage to the company as a result. Doing everything you can to create a business strategy with security at its core and endeavoring to create a security first culture within the organization are business mission critical.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
More of my insights on cybersecurity:
Image Credit: BankInfoSecurity
Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”