The threats faced by retailers from cybercrime and malware attacks are well publicised and will increase as consumers use more devices to make online purchases.
It is widely accepted that retailers will need to continue to invest in technology to ensure their systems are safe from attempted hacks, but where are we now?
For Retail Week’s Tackling Data Breaches in Modern Retail interactive guide, sponsored by Cisco, we interviewed 50 senior retail executives, whose roles span information management; data management and security; and cyber security and threat management, to find out.
Our respondents agreed the threat is real. Of those executives questioned, 72% have witnessed an exponential rise in the increase in hacking attempts in the past two to three years, with 64% of those witnessing this increase experiencing a breach in their own firm.
Of those who have been hacked, the number of attempts range from one to 10, with 34% experiencing more than 10 hacking attempts.
This chimes with the group IT security and data protection officer for a major online fashion retailer who says he has seen a “400-500% increase in hacking attempts on the company’s systems” with three clear breaches of their security.
The overwhelming majority of respondents say that information security has enough visibility in the boardroom and is taken seriously by the leader of the business.
For retail FTSE 100 firms, security issues are already being written into company reports to shareholders, so awareness is there.
This is encouraging, but there is a sense from one IT security and data protection officer that this has only been the case for about a year or so.
““Ignorance to cybercrime is only matched by ignorance to technology in general”
Miya Knights, Planet Retail
For them, he says, the “epiphany came after a breach”, whereas for others, media reaction has been the catalyst.
He adds that “they have a lot to learn” and, while they are beginning to appreciate the seriousness of the threat, not enough effort is being made or emphasis conveyed.
Despite the acceptance that hacking is a real and current threat, our respondents say they feel that just under half of executive board members do not understand the key issues around information security. Only 8% of respondents say their executive board understands to a great extent.
This disconnect between the knowledge of the threat and the understanding of the problem can perhaps be placed in the wider context of senior retail teams and their relationship with technology.
Planet Retail global technology research director, Miya Knights, argues that “ignorance to cybercrime is only matched by ignorance to technology in general”.
Knowledge of digital strategy and IT is usually poor, so if you follow that out, information security falls down the agenda.
Are we facing a losing battle?
With hackers generally perceived to be a step ahead of the developers of security systems, we asked retailers if they believe this to be the case and 70% say they do.
This is a frightening number and, while Knights agrees the industry is “behind the curve” in combating hackers, good guidance is available.
The PCI Security Standards Council, a global body formed to assist in the understanding of security standards for payment account security, has issued guidance on mobile apps for ‘scan-and-go’ and ‘pay-quick’ systems. These guidelines were issued before well-known hacks on Target and Walmart.
“The tools available are very much focused for technology firms rather than retailers”
One group IT security and data protection officer confesses that, although his firm is “not easily vulnerable to attack”, it “can’t cover everything”.
He argues that the security community in general is keeping up with hackers, but that the tools available are very much focused for technology firms rather than retailers, which he feels hampers the tackling of retail-specific cybercrime.
He also stresses that the software does not exist to combat the ‘insider threat’ which we discovered is one of retailers’ main concerns.
Impact of data breaches on consumers and retailers
To find out how your business can avoid creating the next cyber-hack headline, download Retail Week’s interactive guide Tackling Data Breaches in Modern Retail report for free here.