When it comes to data breaches, no sector is more vulnerable than retail – that includes finance, insurance, and hospitality. In the U.S. alone, 75 percent of retailers have experienced some form of data breach since opening. A whopping 50 percent of retailers experienced a breach just last year. And that’s up from 19 percent the year before – a staggering year-on-year increase.
Retailers have good reason to be worried given the amount of data at stake, and nearly half of them admit to feeling very or extremely vulnerable to attack. After all, data breaches play havoc with the bottom line. Target, for one, shelled out over $150 million for the massive holiday data breach. Home Depot paid at least $179 million.
Where huge retailers can weather the financial hit, SMEs would find it extremely difficult to lose $3.6 million, the average cost of a cyber-attack, according to IBM. Worse still, a well-timed data breach, say during the lucrative holiday season, could seriously kneecap a smaller retailer, not just in terms of revenue, but also in corporate reputation and consumer confidence.
If all of that weren’t bad enough, it looks like the cyber threat will only get worse before it gets better. Hackers are expanding their list of targets to include business-critical corporate platforms, like HR systems, in addition to traditional attacks, like return and refund fraud, retail and bank account takeovers, website outages, and point-of-sale breaches.
Though retailers have bumped up their IT security spending to combat that heightened threat environment, according to a Thales report, it’s not at all clear that those investments will be effective. IT specialists in retail recognize that encryption is needed, but the big investments are coming in admittedly less effective areas, like endpoint and mobile defense.
So as data breaches are becoming the new normal in retail, businesses must react. Preparedness needs to start today. Seventy percent of companies are confident in their ability to deal with a data breach. But only 22 percent have tested their crisis management plans.
What’s needed then: companies have to get serious about developing, implementing, and testing robust data breach action plans to keep their sensitive company and customer data safe. Not sure how to get started? Download our guide to developing a data breach action plan.
For more crisis planning content, follow @teamnoggin on Twitter