From what we were told after the fact, there were things Target should have been reasonably expected to do to prevent the sort of attack it experienced last December.
And consequentially some top level heads have rolled. The company undoubtedly worked hard to control the damage and fortify its system. But it's significant that people at the top got the pink slip. The buck stopped there.
The title to the above linked article is Target CEO resigns, latest executive fallout from card breach at Naked Security by the author, Chester Wisniewski who is rather harsh in his assessment of Target. Also at Naked Security from Lisa Vaas is Target CIO Beth Jacob resigns in breach aftermath which contains the observation that the company had been advised by an analyst to undertake a security review. Then this:
We don't know if the review actually happened, or whether it was lost in the cacophony of warnings security teams and government agencies constantly put forth.
That's a twist on the narrative. With everyone covering his/her own tail, they get a "cacophony of warnings." Distinguishing the good ones from the bad ones and deciding which ones should get the attention is probably a monumental task. It can't be an easy job to be CIO or CEO. That's why they get the big bucks, until it stops.