Three quarters of retail organizations lack a breach response plan
As online retailers gear up for their busiest period of the year, how prepared are they to face the threat of cyber attacks?
A new study from cyber security company Tripwire reveals that just 28 percent of respondents say they have a fully tested plan in place in the event of a security breach.
A worrying 21 percent say their organization doesn't have a plan at all, and the same proportion of respondents say they don't have the means to notify customers of a data breach within 72 hours, a requirement specified by GDPR.
"Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach," says Tim Erlin, vice president of product management and strategy at Tripwire. "It's encouraging that most respondents think they can meet the 72-hour notification window as set out in the upcoming GDPR, but if they haven’t tested their plans, I don’t know how confident they should be in that assumption."
Only 23 percent of respondents say they are 'fully prepared' to absorb potential financial penalties. Even fewer professionals (15 percent) say they are fully prepared to manage customer and press communications following an incident.
It's not all bad news, though: the results do provide some hope that the industry is moving in the right direction. More than half of respondents (57 percent) say that their organization's ability to detect and respond to a security breach has improved in the past 18 months.
You can see more about the findings on the Tripwire blog.