Lots of press this week about Target’s CEO and Chairman, Gregg Steinhafel, apparently being forced outBlame reached the top job after the successful cyber attack on the company last year.  But investors, and customers, may regret this somewhat Board level over-reaction to a mounting global problem.

Richard Clark is probably America’s foremost authority on cyber attacks.  He was on America’s National Security Council, and headed the counter-terrorism section.  Since leaving government he has increasingly focused on cyber attacks, and advised corporations.

In early 2013 I met Mr. Clark after hearing him speak at a National Association of Corporate Directors meeting.  He was surprisingly candid in his comments at the meeting, and after.  He pointed out that EVERY company in America was being randomly targeted by cyber criminals, and that EVERY company would have an intrusion.  He said it was impossible to do business without working on-line, and simultaneously it was impossible to think any company – of any size – could stop an attack from successfully getting into the company.  The only questions one should focus on answering were “How fast can you discover the attack?  How well can you contain it? What can you learn to at least stop that from happening again?”

So, while the Target attack was large, and not discovered as early as anyone would like, to think that Target is in some way wildly poor at security or protecting its customers is simply naive.  Several other large retailers have also had attacks, include Nieman Marcus and Michael’s, and it was probably bad luck that Target was the first to have such a big problem happen, and at such a bad time, than anything particularly weak about Target.

We now know that all retailers are trying to learn from this, and every corporation is raising its awareness and actions to improve cyber security.  But someone will be next.  Target wasn’t the first, and won’t be the last.  Companies everywhere, working with law enforcement, are all reacting to this new form of crime.  So firing the CEO, 2 months after firing the CIO (Chief Information Officer), makes for good press, but it is more symbolic than meaningful.  It won’t stop the hackers.

Where this decision does have great importance is to shareholders and customers.  Target has been a decent company for its constituents under this CEO, and done far better than some of its competitors.  The share price has doubled in the last 5 years, and Target has proven a capable competitor to Wal-Mart while other retailers have been going out of business (Filene’s Basement, Circuit City, Linens & Things, Dots, etc.) or losing all relevancy (like Abercrombie and Fitch and Best Buy.)  And Target has been at least holding its own while some chains have been closing stores like crazy (Radio Shack 1,100 stores, Family Dollar 370 stores, Office Depot 400 stores, etc.)

Just compare Target’s performance to JCPenney, who’s CEO was fired after screwing up the business far worse than the cyber attack hurt Target.  Or, look at Sears Holdings.  CEO Ed Lampert was heralded as a hero 6 years ago, but since then the company he leads has had 28 straight quarters of declining sales, and closed 305 stores since 2010.  Kmart has become a complete non-competitor in discounting, and Sears has lost all relevancy as a chain as it has been outflanked on all sides.  CEO Lampert has constantly whittled away at the company’s value, and just this week told shareholders that they can simply plan on more store closings in the future.

And vaunted Wal-Mart is undergoing a federal investigation for bribing government officials in Mexico to prop up its business. Wal-Mart is constantly under attack by its employees for shady business practices, and even lost a National Labor Relations Board case regarding its hours and pay practices. And Wal-Mart remains a lightning rod for controversy as it fights with big cities like Chicago and Washington, DC about its ability to open stores, while Target has flourished in communities large and small with work practices considered acceptable.  And Target has avoided these sort of internally generated management scandals.

CEOs, and Boards of Directors, across the nation have been seriously addressing cyber security for the last couple of years.  Awareness, and protective measures, are up considerably.  But there will be future attacks, and some will succeed.  It is unclear blaming the CEO for these problems makes any sense – unless there is egregious incompetence.

On the other hand, finding a CEO that can grow a business like Target, in a tough retail market, is not easy.  Destroying KMart, while battling Wal-Mart, and still trying to figure out how to compete with Amazon.com is a remarkably difficult job.  Perhaps the toughest CEO job in the country.  Steinhafel had performed better than most.  Investors, and customers, may soon regret that he’s not still leading Target.