For the first time in the 2016 BDO Retail RiskFactor Report's history, risks associated with data privacy and security breaches were cited by all retailers.
Retailers have grown accustomed to headlines around massive cyber incidents, and are fully aware of their burdensome financial and reputational repercussions, the report said. This year’s finding that all retailers cite cybersecurity as a potential risk to their business reflects a notable shift from the 55 percent in 2011 and 26 percent in 2007 that flagged potential cyber issues.
According to the report, retailers face, on average, at least eight cyber-attacks per year, with 74 percent of them considered advanced threats. To safeguard the constant flow of sensitive data, more than half (52 percent) of those surveyed in the 2016 Retail Compass Survey of CFOs said they upped their spending on cyber in the past year via a broad array of strategies, including leveraging new software security tools (85 percent) and creating a response plan for potential breaches (71 percent). While planning is crucial and can enable a swifter response once an attack takes place, cybersecurity has become a continuous game of cat and mouse, with fraudsters becoming increasingly sophisticated.
New and evolving data privacy regulations also place pressure on retailers to correctly implement new systems and ensure robust protective frameworks are in place, and risks associated with cyber and privacy regulations were cited by 76 percent of retailers. Meanwhile, in this year’s CFO survey, nearly 7 in 10 retail CFOs said they expected cyber regulation to grow in 2016.
The report also noted that regulatory bodies are joining efforts with the U.S. credit card industry, which last year called for compliance with Europay, Mastercard and Visa (EMV) standards mandating more sophisticated authentication technology and shifting greater fraud risk to the retailers. By upgrading their card acceptance and processing systems to use chip-enabled credit cards and devices, retailers are arming themselves against the risks associated with credit card fraud. According to the survey, most retailers (76 percent) have completed the EMV transition of their payment terminals.