The global retail industry’s investments in cybersecurity are largely insufficient.
This is according to the first-quarter Cyber Threat Insights by BDO’s International Cybersecurity Advisory Services, which indicates that the average cost of a cyber data breach in the retail industry continues to climb every year, as does the average cost of cyber liability insurance coverage.
According to BDO, a case in point is that, on the 15th anniversary of the Payment Card Industry’s (PCI) Data Security Standard (DSS), many retailers are still not PCI-compliant. The standard was created in 2004 with the objective of increasing security controls around credit card information and fraud incidents.
Among industries worldwide, retail ranks lowest on supply chain security, correct firewall usage, protection against malicious software, the development and maintenance of secure systems, access authentication and the testing of security systems and processes.
BDO points out that, while credit card numbers are considered a highly lucrative reward of a successful cyber-attack because financial information can be re-sold quickly on the black market, consumers are affected in other ways than just by the misuse of financial information, including:
* Increasing prices of products or services;
* The compromise of personally identifiable information and identity theft;
* Theft or loss of products once purchased; and
* The loss of value of stock or other investments made in the retail industry.
More companies are facing major lawsuits from their own shareholders, consumer protection groups and federal and/or state government agencies for their negligence in providing an adequate information security programme for their organisation. This results in significant financial losses and negative impacts on brand and reputation.
Gregory Garrett, head of BDO’s international cybersecurity advisory services, comments: “Cybersecurity serves as the backbone to digital transformation. When an organisation overhauls its IT infrastructure, its security risks undergo an overhaul too.
“It is an opportunity to take a fresh look at how data is accessed and used – old vulnerabilities may be mitigated or even eliminated, but new ones are introduced. Cybersecurity can be an innovation catalyst and retailers need to schedule innovation in tandem with cybersecurity.”