Of all people who log into a retailer’s ecommerce website, 80 to 90 percent are hackers using stolen personal information. Like many businesses, retail firms are rapidly going through their own digital transformation and becoming increasingly dependent on technology, particularly with the growth of automation and artificial intelligence (AI). Retailers have been so enthused about how digital transformation can enhance their business models that many of them have not focused on the negative repercussions that come from it, poor security being one of them. Retailers, operating in an intensely competitive market with low profit margins, are driven to provide the customer with a positive experience at the expense of applications for security. Customers in the retail sector are less likely to stop shopping at retail firms when they are made aware of a security breach, further incentivizing retailers to provide lower costs and a better customer experience instead of improved cybersecurity. As long as retailers continue to see economic gains from applying new technological tools, and do not lose customers even when they are breached, they will likely continue to be underprepared for the highly probable cyber-attack. If we keep using current methods and regulations, corporations will continue to be hacked and damaged. It is up to the private sector and government to work together and make these solutions a functioning part of reality. For many retailers, as small companies (SMEs), access to adequate cybersecurity expertise is scarce even if they had the resources. Some solutions laid out in this chapter include: measuring the NIST Cybersecurity Framework’s impact and cost-effectiveness; consolidating definitions and guidelines for protecting personal data through a national data breach bill; and improving authentication requirements for digital systems.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Andy Kirkland is the Chief Information Security Officer for Starbucks Coffee Company. He has 20 years of experience working in information security and FDA regulatory environments. He holds a bachelor’s degree in business and mathematics from Adrian College.
Alexander T. Green is a staff editor for the Georgetown Journal of Law and Public Policy and is Vice President of the Corporate and Financial Law Organization. He holds a Juris Doctor from Georgetown Law.