Thales eSecurity Blog

2017 Retail DTR: Cautious optimism

In some ways I feel for big retailers around the world. Many have made great strides in introducing technologies that provide better experiences for their customers. But they also take huge hits in the news when they experience data breaches that touch millions of people.

We just released our 2017 Thales Data Threat Report, Retail Edition, part of our Global Data Threat Report. The retail edition has both good news and bad news. We are at a pivotal point in time for data security for the retail sector (and many other industries undergoing digital transformation).

High breach vulnerability, budget misallocation

The Thales Data Threat Report, Retail Edition reveals some alarming trends. One example: nearly 9 out of every 10 retail organizations we surveyed consider themselves vulnerable to data threats. This is not encouraging news for consumers or retailers.

Our survey results also capture why we can expect more retailer breaches. Those same 9 out of 10 retail respondents selected network security as “very” or “extremely” effective at protecting data from breaches. Network security alone is not the answer to keeping data secure. The data itself must be secured – not just the perimeter protecting the space in which the data resides.

But there are also bright spots in our findings.


Drop in year-over-year breaches, bigger budgets

Last year’s report found that 22 percent of American retail organizations surveyed had experienced a data breach in the previous year. In this year’s report, that figure has decreased to 19 percent. This is well below the global average of 26 percent. While this is a positive development, retailers need to keep adopting advanced data security technologies like encryption techniques for this downward trend to continue.

Another positive finding was that 77 percent of U.S. retail organizations are increasing their IT security spending. While we need to help retailers spend their security budgets in the right way, as I mentioned above, retailers are at least acknowledging that resources are needed to protect their sensitive data. In April I wrote about our research showing that data security is now a boardroom topic. This is true as well in the retail industry. Retailers suffer huge brand damage after a breach, and that’s a business problem with direct implications for the bottom line. So even though retail breaches dropped over the past year, one is too many, and business leaders recognize this.

Cautious optimism

I’m cautiously optimistic that the retail industry will improve its data security strategy over the next year. Why? We’re in a carrot-and-stick business environment. First, as I just mentioned, business executives are increasingly involved in and concerned about their data security – because their businesses’ growth is at stake. That’s their carrot. The stick – compliance. Far-reaching compliance frameworks like the European Union’s General Data Privacy Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI-DSS) and various other laws in the U.S. that are either state- or industry-specific will hold retailers’ feet to the fire when it comes to protecting their customers’ sensitive data. There simply is no more time for businesses to delay deploying data security.

This year’s Retail Data Threat Report is full of many other important findings. Download it here.