A piece came out in Businessweek on May 21^st, entitled, “Investors Couldn’t Care Less About Data Breaches “. The gist of the article is that for two out of three well-publicized data thefts (T.J.Maxx and Ebay), the stock price didn’t seem to suffer any damage beyond a blip at the about the time of the announcements (and in the case of T.J. Maxx, a temporary dip of 12 percent actually created a favorable buy condition). The 3^rd case of course is Target, but its stock woes are attributed more to a “softness in the industry ” and a troubled Canadian expansion.

So is it true that investors (and by extension, Boards of Directors) don’t care much when companies’ information assets are stolen? Or their information assets at all? Any generalization would be just that, a generalization. But let’s consider this: retailers believe that they don’t make their money selling bits (zeroes and ones); they make or lose money by selling atoms.Now that sounds pretty corny, but it’s fundamentally been true for a very long time, and it underlies something that most retail CIOs have known “forever ” – that the majority of retailers don’t think that their information assets are as strategic as, let’s say, their store base or their unique product offerings. Those things are tangible – you can touch them.

But one of the big underlying themes of RSR’s work since our inception 8 years ago is that retail over-performers ( “Winners “) have a different view – they use information as a strategic weapon to pummel the competition. The classic example is how Walmart used product movement information to optimize its supply chain in the 1980’s and thus achieved its world-dominant position. The other, more recent example is Amazon, which of course is a digital-native. It is no coincidence that Amazon is launching a smart mobile phone of its own – the company wants to “own ” the whole digital value chain to the consumer. And why not? That’s where the smart money is going.

Information = Digital = More Information

The future is as clear on this point as it’s going to get. While many companies in established economies are still considering how best to launch their digital presence via mobile, in emerging economies mobile is the presence, i.e. e-commerce isn’t shifting from desktops to mobile – instead mobile is the first experience. Not only that, but there is a generational divide in all markets, even the most established ones. Here’s an example: The British Office of National Statistics recently reported that 53% of British adults are using a mobile phone to access the internet this year, but 94% of those aged 16 to 24 are using some mobile device, compared to 17% of people aged 65. The future (obviously) belongs to the young.

Mobile/digital isn’t just about presenting information – it also creates more information. RSR uses a model to describe the total retail experience that we call “the five C’s “. Those are: Customer, Context, Content, Community, and Commerce. Without belaboring the point too much, two of those at a minimum can be easily delivered via digital (Content and Community). And as anyone who has used the Internet to buy something knows, Commerce plays well in the digital domain too. Consumers’ digital paths-to-purchase also throw off a huge amount of new information, and as any e-marketer or big data advocate will tell you, Context is easier to discover as a result of it.

Business as Usual?

But traditional retailers and their “owners ” are wedded to a traditional view of what their strategic assets are, and that increasingly gets in the way of understanding the value of information, or the risks associated with its use. Because, while consumers are getting really concerned about how data about them is being used or abused, for investors in retail companies it’s pretty much “business as usual ” and so there’s not much pressure on company leaders to change. The most recent example is the aforementioned Target. Despite a recommendation from proxy advisor Institutional Shareholder Services (ISS) that seven Target board members be ousted, shareholders re-elected the ten-member board at the company’s June 12^th shareholders meeting. ISS had contended in a letter to shareholders that the seven directors, who were members of the Target Board’s audit and/or corporate responsibility committees, failed to properly monitor the risk of theft of customer information.

Some industry watchers contend that the ISS challenge put the company management “on notice “. But did it put the whole industry on notice? We’ll see. The big issue is corporate risk management. Companies are supposed to wrap sound risk management practices around their precious assets to minimize fiduciary risk. The ISS complaint focused on the audit committee’s role in creating and maintaining a secure environment for important digital assets. Obviously, shareholders did not agree with that assessment. Part of Target shareholders’ apparent satisfaction with the company’s actions (ironically, given my earlier comment about what most retail CIOs know) was based on the fact that the company has hired a “big name ” CIO (Bob De­Rodes, ex of Home Depot & GM).

The question going forward will be whether the Target proxy fight is an aberration or a harbinger of things to come. Time will tell, but one thing seems certain: retailers have to reassess their understanding of how strategic information is to their future prospects.