Retailers remain a top target for cyberattacks
US retailers are under siege as nearly two thirds (62 percent) report experiencing a data breach and over a third (37 percent) say they were breached in the past year, according to the latest report produced by IDC for Thales.
This high rate of data breaches comes amidst a decline in the rate of growth in security spending. Less than two thirds (62 percent) say that they are increasing spending this year compared to 84 percent last year, yet nearly all (96 percent) of the retailers surveyed claimed they use sensitive data within digitally transformative environments.
"Retailers have a deep well of customer data that includes what people buy, what they’re interested in, shopping habits, how they're using mobile apps and more," says Leslie Hand, GVP of retail insights at IDC. "When this data is coupled with the payment information retailers also collect, you've got a perfect storm that creates very lucrative opportunities for cybercriminals. Securing data in this environment is increasingly complicated and retail organizations must be vigilant in protecting against new security loopholes."
The implementation of new technologies continues to raise the potential to put sensitive customer data at risk. In addition, retailers face an ever-expanding threat environment with top concerns including cyberterrorism (55 percent), hacktivists (50 percent), and internal, privileged users (47 percent). Interestingly, cyber criminals are not a top concern despite the high number of data breaches in the past year.
"Retailers know they're vulnerable to data breaches, yet the report shows that IT security spending isn’t properly aligned with the risks they face," says Tina Stewart, vice president market strategy for cloud protection and licensing activity at Thales. "With brand reputation and trust on the line, remediation after a breach occurs is far too late. Retail organizations should place the same level of value on data security as they do on the products and services they sell. Additionally, whether 'born in the cloud' or just starting to move to the cloud, their overall security stance has to remain strong as digital transformation continues."
The report also shows that multi-cloud environments are making protecting sensitive data even more complex for retailers. Cloud use with sensitive data is extremely high, 69 percent of respondents have 26 or more Software-as-a-Service applications, while more than half have three or more Infrastructure-as-a-Service and Platform-as-a-Service applications. Driven by the need to protect digital transformation's complex data environments, 40 percent rate complexity as the top barrier to deploying data security.