Posted on Nov 24, 2014
Retail hacks have consumers thinking twice about how they will shop this holiday season.
After a year of breaches, consumers don't feel safe anymore when shopping online, and some are even straying from their favorite retailers as a result, according to a recent survey.
"The number of breaches and the caliber of breaches has people very worried. But it's also the fact that many of these breaches have moved from not only being on online stores, but also into physical stores," said Gunter Ollman, the chief technology officer of NCC Group, a U.K.-based information assurance firm.
Sixty-two percent of consumers say they are more concerned about online security than they have ever been, and 23 percent of consumers already say they are doing less online because of their concerns, according to data from NCC Group and the International Data Group.
What's more, 64 percent of consumers said they believe they will be the victim of a breach within the next 12 months. And unfortunately, that may be the case, Ollman said.
"There will be bigger breaches going forward. If you just look at the last five years, every year there has been a bigger breach," Ollman said.
In the last year alone, 20 U.S. retailers were breached, according to data from the security benchmarking firm BitSight.
And it doesn't look like things will improve dramatically next year, said Stephen Boyer, the chief technology officer of BitSight.
BitSight recently assessed the security of 300 retailers and found that 58 percent of the companies had worse security performance this year than in 2013.
"The data suggests that this could continue," Boyer said. "It's going to take some time for retailers to right this ship. If everybody had cleaned up we would see very different results. I hope that we don't see another Target-like breach this year, but when we look at the sector we see that they are actually worse off."
One reason retailers are failing to defend themselves is because they are still investing primarily in old security technology, like firewall defenses, instead of more advanced methods, such as software that uses data to predict threats, said Aleksandr Yampolskiy, the CEO and co-founder of SecurityScorecard, which is a firm that rates businesses on their level of security.
"It's going to get worse before it gets better," Yampolskiy said. "I think companies need to realize that they need to have more proactive ways to fight the bad guys and to get better at sharing information with each other."
Considering things are going from bad to worse for the sector as a whole, it's likely that consumers may begin to change their behavior this holiday season.
According to a recent survey conducted by the Princeton Survey Research Associates on behalf of CreditCards.com, 45 percent of respondents said they would definitely or probably avoid shopping this holiday season at a retailer that had experienced a data breach. And 48 percent said that they would likely use cash instead of their credit or debit card to make purchases.
Consumers may want to rethink avoiding retailers who have already been breached, though, as they could be safer.
According to BitSight data, 75 percent of U.S. retailers who had suffered a breach this year showed improved security performance.
"The companies who have been breached did better, which is saying something," Boyer said. "If you suffer a loss, people realize what that means and they take steps to improve. The sad part is that many of them wait for it to happen before they take action."
Vendor management is the process an organization utilizes to assess and manage a third- or fourth-party vendor. Learn how SecurityScorecard can help.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.