Recent statistics show that 100% of retailers in the United States are worried about “privacy concerns related to security breach”. This is a 55% increase from 2011.
Accountancy firm BDO has released its annual BDO Retail Riskfactor Report. One statistic that stands out is focused on cybersecurity: when questioned, every single respondent said that they class a security breach as a risk to their organization.
“The number of cyber incidents is on the rise across industries, but the retail industry has been particularly hard hit,” said Doug Hart, partner in the consumer business practice at BDO.
Greater dependency on the Internet
Retailers’ use of digital channels is constantly growing, so it is not surprising that concerns about online security are growing, too.
“Retailers are in a particularly precarious position because they not only have to protect their sensitive data but their consumers’ personal information as well,” Hart said. “The industry has been victim to some of the most high-profile—and most expensive—data breaches to date.”
Hart continued, “Retailers also face a growing regulatory and compliance burden. On the one hand, retailers are increasingly penalized for failure to adequately protect customer data—one of the few instances where the victim is blamed for the crime committed against them.”
It’s true that retailers in the US face a large compliance burden in all aspects of their business. With regard to security, compliance requirements may differ from retailer to retailer, but a common requirement is compliance with the PCI DSS (Payment Card Industry Data Security Standard).
Top 20 risks
Below are the top 3 risks for retailers; the full top 20 is listed in the BDO report.
Cybersecurity worries – taking steps to become secure
Retailers that want to become cyber secure and implement a best-practice information security management system (ISMS) should look to the international standard ISO 27001.
An ISO 27001-compliant ISMS provides a risk-based approach to data security that can be applied across the firm and throughout the supply chain. Once your ISMS has been certified to the Standard you can insist that third-party contractors and suppliers also achieve certification, helping secure your supply chain.
As well as improving your cyber security, the external validation offered by ISO 27001 certification is likely to increase your organization’s business efficiency while providing a higher level of confidence to customers and stakeholders, as well as allowing you to meet your legal, contractual and regulatory data protection obligations.
For the perfect introduction to ISO 27001 and how it can help your organization, buy the ‘An Introduction to Information Security and ISO 27001 (2013)’ pocket guide and begin securing your organization today.