Data breaches have become a common element in headlines over the last two years, and Americans’ attitudes towards shopping are beginning to reflect it. Research has revealed that a full 85% of Americans would stay away from their favorite retailer, should it be hit by hackers.
According to the findings, conducted by Wakefield Research, Americans would take their business elsewhere as a result of an array of personal breach consequences, including: If money were taken from their checking account (67%); if unauthorized charges appeared on their credit card (62%); if personal information were leaked (57%); and if their credit score were damaged (54%).
The message here is that as retail organizations look forward to soaring back into the black during the holiday shopping season, they should never lose sight of the importance of data security, considering that a breach could cost them one of their most valuable assets—customer loyalty.
As evidenced by the retail edition of the 2015 Vormetric Insider Threat Report, retailers still have some catching up to do. According to that report, more than 51% of retail respondents reported being very or extremely vulnerable to insider threats—the highest rates measured in the study.
“It’s been two years since major retail attacks made ‘data breach’ a household word,” said Tina Stewart, vice president of marketing at Vormetric. “The revelation of a major data breach following the Black Friday weekend in 2013 [i.e., the Target fiasco] was the starting point for two record years of data breaches that have followed. Events since then have demonstrated just how much financial and reputational havoc a data breach incident can wreak on beloved brands.”
Further, the Vormetric study shows that meeting minimum compliance requirements is no longer sufficient to protect sensitive data. Many retail breaches occurred at organizations that were certified compliant with highly ranked standards like PCI-DSS.
“The time has come for retailers—and indeed all organizations—to embrace a data-centric mindset and change their approach to how their data is protected,” said Sol Cates, CSO at Vormetric. “With attackers now using multi-phase approaches to breach organization’s perimeters and networks, a stronger focus on better securing company data where it is stored is required. Encryption and access controls are now front-line defenses for defending data-at-rest. With encryption becoming increasingly easier to implement, there is no excuse for not protecting your organization’s sensitive data, regardless of where it resides.”
Photo © photomak