While 96% of surveyed retail, restaurant and hospitality stakeholders are confident in their companies’ internal risk assessment processes, their satisfaction in the security of their systems is misaligned with reality, as one-third of companies (31%) have experienced a data breach in their company's history. Of companies that have been breached, 89% have been hit more than once in a year, and 69% of retail businesses have been breached upwards of three times in a year. 

The joint study from Cornell and FreedomPay, "Check Please! How Restaurant, Retail and Hospitality Businesses are Managing Cybersecurity Risks," reveals the state of cybersecurity in small, medium and large-size enterprises across the hospitality, retail and food and beverage sectors.

With new cyber threats emerging both internally and externally, business leaders are juggling a full slate of concerns and challenges. Business owners highlighted threats such as payment integrity (59%) and malware (58%) as concerning most often, with risk management (57%) cited as the biggest challenge leaders say their systems face. Companies also fear internal threats, with hospitality companies most frequently citing human error (86%) and lack of employee education (81%) as negatively impacting cybersecurity systems.

Retail and hospitality organizations are challenged to balance security with customer preferences, with many implementing heightened cybersecurity measures to make their customers feel more secured and reassured when making a purchase. The study found that 91% of companies believe their customers deeply care about cybersecurity, however, 65% of leaders believe that customers are annoyed by extra security measures, and they want systems to be easy to use (67%).

Despite these roadblocks, companies have said they are increasing or have increased their IT budgets, calling out the COVID-19 pandemic and technology as driving forces. Other notable findings include:

• More than one-third (35%) of surveyed leaders do not know how much of their company’s budget is spent on cybersecurity.
• Companies are divided on what precautions and guidance are worth the cost. Eighty-three percent of companies who do use a third party to manage and secure information say this option is “more cost-effective” for their business, while half (51%) of companies who do not use a third-party supplier cite it as being “more costly” than their current process.
• A majority of companies (87%) say they would welcome involvement from the U.S. government to fight cybersecurity threats as well as enhance policy (84%).

Click here to download the report.