50% of Retailers Experienced a Data Breach Last Year

July 24, 2018

Three-quarters of U.S. retailers have experienced a data breach, half in the last year, says the Thales 2018 Data Threat Report.

According to U.S. retail respondents, 75% of retailers have experienced a breach in the past compared to 52% last year, exceeding the global average. U.S retail is also more inclined to store sensitive data in the cloud as widespread digital transformation is underway, yet only 26% report implementing encryption – trailing the global average.

Year-over-year breach rate takes a turn for the worse

While last year’s report showed an encouraging decrease in breaches, this year U.S. retail data breaches more than doubled from 19% in the 2017 survey to 50%. This massive increase drove U.S. retail to be the second highest vertical polled to experience a data breach in the last year, ahead of healthcare and financial services and only slightly behind the U.S. federal government.

Digital transformation brings increased risks to data
According to the report, 95% of U.S. retail organizations will use sensitive data in an advanced technology environment (such as cloud, big data, IoT and containers) this year. More than half believe that sensitive data use is happening now in these environments without proper security in place. Each of these technology environments comes with unique security challenges. As the attack surface increases, unique data security challenges need to be addressed.

The increase in attacks against the retail sector calls into question why spending on data security isn’t more significant. Ironically, in the U.S., the traditional concerns about data security related to perceived complexity and business performance impact are now outpaced by a perceived lack of need, which was cited by 52% of respondents. Although not exactly the same globally, a lack of organizational buy-in was tied to 41% not perceiving a need for data security. The message here is that management needs a sense of urgency, and security professionals must do a better job of selling the importance of data security.

Security spending is up but not aligning with risk

The good news is that U.S. retail organizations are responding to the ever-increasing threat with 84% citing plans to increase IT security spending and 28% noting the increase would be significant. The bad news is that spending is not going to what respondents believe are the most effective defenses.

The retail sector recognizes the need for encryption to protect sensitive data. Forty-nine percent require encryption to increase cloud usage and 44% need system level encryption and access controls to expand the use of big data. More than half (52%) believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws such as GDPR, Korea’s PIPA and APPI in Japan.

Seemingly contradicting themselves, both U.S. and global retail ranked endpoint and mobile defenses as those that will get the largest spending increase (72% U.S.; 52% global)) even though they rank them the least effective. A bright spot is that more organizations are recognizing the threat to cloud data and with that 49% of respondents have ranked cloud at the top of their IT security spending priorities.

Other key findings include:

67% of U.S. retailers are planning to implement database and file encryption this year
2 of the top 3 tools needed for additional cloud use are encryption with enterprise key control or cloud provider key management
For the first time, compliance is not identified as one of the top 5 security spending drivers

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

50% of Retailers Experienced a Data Breach Last Year

Related Articles

Related Products

Related Events

Report Abusive Comment