November 25, 2020

This post is one in the “Rethink Cybersecurity” series.

The retail sector is a paradigmatic case of the crazy nature of digital economics that needs to be rationalized.

The retail sector is one of the cornerstone industries of the U.S. economy, but growing advances in, and dependence on, the internet and technology have brought major cybersecurity challenges that firms must overcome.

The cybersecurity issues are so pervasive that some research has suggested that as many as a stunning 80-90% of all the people who log into a retailer’s e-commerce website are hackers using stolen credentials. Cybercriminals are mounting attacks against retailers and reaping the rewards.

Financial gain is the primary motive driving hackers to attack retailers, accounting for 99 percent of all retail cyber-attacks. Moreover, a recent study found that it takes the retail sector an average of 228 days to identify a breach, and an extra 83 days to contain it. That is over 300 days in which a hacker is present, taking advantage of retailers’ systems and holding on to the stolen personal information. These breaches cost retailers $30 billion a year.

At the same time, retailers are rapidly going through their own digital transformation and becoming increasingly dependent on technology, particularly with the growth of automation and artificial intelligence (AI). AI technologies have allowed firms to make tremendous gains in business. AI has offered retailers the opportunity to predict and adjust prices, assist in supply chain prediction and management, aid customers in visual searching, provide virtual fitting rooms, and predict consumer behaviors. 

Companies such as Levi’s and Gap have seen increased sales in areas where they have installed a virtual fitting kiosk that scans you, measuring 200,000 points of your body in 20 seconds, and provides you with a “perfectly matched” outfit. However, this increased use of technology comes with its downsides in the area of cybersecurity. Creating more access points for hackers to take advantage of increases the risk of retailers’ enormous amounts of information being compromised.

Retailers have been so enthused about how digital transformation can enhance their business models that many of them have not focused on the negative repercussion that comes with it: poor security. Retailers, operating in an intensely competitive market with low profit margins, are driven to provide the customer with a positive experience at the expense of security.

The market forces driving this underinvestment in security are reinforced by typical consumer behavior. The customer turnover rate is the rate at which customers take their business elsewhere because of a data breach. The turnover rate in retail is only 2.4 percent. That is roughly one-third the turnover rate in the healthcare sector, 7 percent, and less than half the turnover rate in financial services, at 5.9 percent.

This means that customers in the retail sector are less likely to stop shopping at retail firms when they are made aware of a security breach, further incentivizing retailers to provide lower costs for customers and better customer experience instead of improved cybersecurity. As long as retailers are continuing to see economic gains by applying new technological tools, and not losing customers even when they’re breached, they will likely continue to be underprepared for the highly probable cyber-attack. It is important that we establish the incentives for greater security when the economics do not allow it and increase costs on cybercriminals to make attacks against retailers less palatable.
