Proxy adviser Institutional Shareholder Services is urging shareholders to overhaul Target’s (TGT) board in the wake of last year’s wide-scale data breach.
In a report on Wednesday, ISS recommended a vote against seven out of 10 directors “for failure to provide sufficient risk oversight” as members of the audit and corporate responsibility committees.
The firm, whose advice can influence the way shareholders vote, also backed a proposal to mandate a separation between the roles of chairman and chief executive.
Earlier this month, chief financial officer John Mulligan was named interim CEO of Target after Gregg Steinhafel resigned. Roxanne Austin stepped in as interim non-executive chairman.
ISS is telling shareholders to vote against the election of Austin, Mary Minnick, Anne Mulcahy, Derica Rice, Calvin Darden, Henrique De Castro and James Johnson, while Wells Fargo (WFC) chief John Stumpf, Douglas Baker and former U.S. Secretary of the Interior Kenneth Salazar received the firm’s support.
“The Data Breach revealed that the company was inadequately prepared for the significant risks of doing business in today's electronic commerce environment,” ISS wrote in its report. “It appears that failure of the committees to ensure appropriate management of these risks set the stage for the data breach, which has resulted in significant losses to the company and its shareholders.”
In a statement, Target said its board considers risk oversight to be a responsibility of the full board, and oversight occurs as a “continuous part of the board’s review of Target’s strategy and specific initiatives that support the strategy.”
Target also said its directors are re-examining the entire risk oversight structure after the cyber-attack, since the company was certified as PCI-DSS compliant prior to the breach.
According to the ISS report, the retailer held discussions with ISS and acknowledged the need for more stringent internal capabilities to find possible security risks, instead of relying on external evaluations.
Target reiterated its opposition to mandating an independent chair, saying the board prefers to maintain flexibility and has other governance practices in place to prevent a concentration of authority.
“The board has not made a decision at this time on whether continue with an independent chair and will re-assess its leadership structure once a new CEO is announced,” Target said.
Target has struggled to regain its footing after a data hack that compromised 40 million credit cards and 70 million individual accounts during the holiday shopping season. The security breach exacerbated other challenges facing Target, including a rough start in Canada.
As part of its response, the Minneapolis-based retailer announced plans to use MasterCard’s (MA) chip-and-pin cards for Target-branded cards. Target also named Bob DeRodes to the new position of chief information officer to lead technology operations.
On Wednesday, Target unveiled the formation of a digital advisory council that will help guide the company’s omnichannel strategies and “push Target to innovate faster.”
The council includes Bain Capital Ventures managing director Ajay Agarwal and Orbitz Worldwide (OWW) chief technology officer Roger Liew.
Target shares were down 0.7% at $55.38 in recent trading. The stock has dropped about 12.5% since the start of 2014.