Survey Finds Nearly 3 in 4 Retailers Have Been Attacked by Cybercriminals

Staff Report

Monday, November 18th, 2019

The online threats facing retailers are becoming more complex and threatening, new research from the Ponemon Institute finds. 

The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, commissioned by Keeper Security, measured responses from over 2,000 IT and IT security professionals around the world, 239 of whom were from the retail industry. Some top-line findings include:

61% of retailers experienced a cyberattack within the past year, with 72% being attacked in their organization's lifetime. 

50% of retailers reported having no response plan for a data breach, 11% higher than the all-industry average. 

The average attack involving the loss of customer or employee data results in 7,772 individual records lost or stolen, with an average cost of $1.9 million from the disruption of normal operations.

When asked what factors are contributing to these attacks, budget was a top concern for retailers. Only one in three believes they have an adequate budget to achieve strong IT security, while over half do not. However, 93% of retailers spend less than 20% of their overall IT budget on security, with an average spend of 11.5%. Insufficient personnel (91%), insufficient budget (51%) and no understanding of how to protect themselves from cyberattacks (40%) were the most commonly cited challenges preventing a fully effective security posture.

"There are billions of stolen credentials on the dark web, and cybercriminals can wait for months for prime opportunities like peak online shopping season to exploit retailers' security vulnerabilities and make illegal purchases," says Darren Guccione, CEO and Co-founder of Keeper Security. "The reality is, the cybersecurity problems facing the retail industry are not problems of money or personnel, but of mindset. Retailers need to know there are easily implementable, cost-effective security solutions that can greatly bolster their security posture and largely prevent such cybercrime from happening."

Retailers should act swiftly, as these cyberattacks are evolving in nature. 87% of retailers agree that cyberattacks are becoming more targeted, 67% believe attacks are becoming more severe and 61% think they're more sophisticated. The most commonly reported attack methods are phishing (69%), web-based attacks (54%), and malware attacks (40%).

In addition, 69% of retailers agree that passwords are an important part of cybersecurity prevention, yet over half (51%) don't have visibility into their employees' password practices. Given these findings, coupled with the fact that 81% of data breaches are caused by hacked passwords, Guccione offers three key tips for retailers: 

Educate employees regularly on best security practices and ways to avoid socially engineered attacks.

Enforce strong login credentials and multi-factor authentication across all employee devices. 

Conduct regular security audits and encrypt business data. 

The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report underscores growing cybersecurity concerns best illustrated through the year-over-year trends dating back to 2016. The survey, commissioned by Keeper Security, measured responses from 2,391 IT and IT security practitioners in the U.S., U.K., DACH, Benelux, and Scandinavia.