Retailers’ Increased Cyber Security Budgets

The New Cost of Doing Business

Jennifer Ramstrom

Like nearly every business today, retail and consumer companies are under siege from a near-constant barrage of phishing emails, SQL injections, insider attacks, and other nefarious cyber threats.

We’ve all read about the high-profile attacks – like a massive security failure in 2015 when cyber criminals accessed the personal data of up to 15 million individuals, including names, addresses, Social Security numbers, birthdates, and more.

Security incidents like that are increasingly common. In fact, 81% of retail and consumer companies in North America detected at least one security incident during the past 12 months, according to The Global State of Information Security Survey 2016 by PwC. Meanwhile, 40% of these respondents detected 50 or more security incidents in 2015. That’s roughly one known security incident every week.

The financial losses from these security failures are considerable, with the majority of the North American retailers, 53%, losing up to $100,000. The worst victims, which accounted for 15% of the respondents, were hammered by a loss of $10 million or more.

Fortunately, retail and consumer companies are taking these incidents seriously. Last year, the retail industry boosted its information security budgets by a whopping 67%.

To harden their defenses against cyberattacks, retail and consumer companies are embracing the following technologies:

A Risk-Based Security Framework

More than 90% of retailers have adopted a risk-based security framework like ISO 27001 to better protect their most sensitive data. Not only does the adoption of a risk-based security framework enable these businesses to better identify and prioritize security risks, but they have also improved their ability to quickly detect and mitigate security incidents.

Cloud-Based Cyber Security

Nearly 75% of retail and consumer companies have adopted cloud-based cyber security. These services have empowered their security teams with real-time monitoring and analytics; advanced authentication capabilities like multifactor authentication, biometrics, and smartphone tokens; and timely threat intelligence. Their payoff: the ability to better block attacks and accelerate their incident response.

Big Data Analytics

Almost 70% of these businesses are now using a big data-driven security capability to gain an improved understanding of external and internal security threats. The latter danger is slowly gaining its due recognition: Last year, 55% of cyberattacks were carried out by insiders, who typically steal data from their organization or sabotage its IT systems.

Room for Improvement

While retail and consumer companies have enhanced their security prowess, there’s still plenty of room for improvement. For example, 56% of the North American respondents lack an overall security strategy. Only half of the companies have bothered to enact an employee security training and awareness program. And just over half of them lack security baselines or standards for third-party vendors, leaving themselves vulnerable to the types of massive data breaches that make headlines every year.

Today, every business needs a trusted partner, like Connection, that can address the entire threat lifecycle and ensure you have the policies and controls in place to keep your organization secure. Our team of experts can enhance your monitoring and management capabilities, ensure you adhere to compliance requirements, and lower your overall risk of security incidents. It’s what we do best.