Retailers are vulnerable to data breach

Two in five retailers around the world have had a data breach in the last year – and most consider themselves to be vulnerable to such threats in the future, according to a new study.

In all, 43 per cent of retailers said they had experienced a breach over the preceding 12 months, while 60 per cent of retailers said they have been breached in the past, and 88 per cent say they are at risk for the future, including 37 per cent that say they are ‘very’ or ‘extremely’ vulnerable, according to the 2017 Thales Data Threat Report, Retail Edition.

Information systems, cybersecurity and data security specialist Thales, which worked with analysts from 451 Research, also said that 73 per cent of retailers planned to increase their spending on IT security in response. This, it says, will come still further to the fore as regulations increase. That includes the arrival, next year, of the European Union GDPR regulations, with measures that will give consumers more control over their data and are set to raise awareness of data privacy and sovereignty issues.

The report found that almost two thirds of retailers (64 per cent) are now working to encrypt their data in order to comply with its requirements, 40 per cent are tokenising data, and a similar number (36 per cent) are implementing a migration project.

According to the report, half of retail organisations (52 per cent) will use sensitive data in a big data environment this year, with a third (34 per cent) using encryption to protect that data. Despite this, however, 39 per cent were very concerned that they are using these environments without proper security in place.

The report also found that as adoption of cloud and SaaS environments continues to rise, so too do concerns regarding their safe use. Two-thirds of retailers (67 per cent), for example, claimed to be very or extremely concerned about cloud service providers (CSPs) falling victim to security breaches or attacks. A similar number (66 per cent) expressed concerns around vulnerabilities in shared infrastructure, and 65 per cent were worried about the custodianship of the encryption keys used to protect their data.

“Breach results were not so rosy for global retail,” said Garrett Bekker, principal analyst for information security at 451 Research. “A staggering 43 per cent of global retail respondents reported a breach in the past year alone, approaching twice the global average. These distressing breach rates serve as stark proof that data on any system can be attacked and compromised.”

Peter Galvin, vice president of strategy at Thales e-Security said: “With tremendous sets of detailed customer behaviour and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.”