A large majority of US retailers have experienced a breach, which according to the 2018 Thales Data Threat Report exceeds the global average. The report found that 75% of retailers have experienced a breach in the past year, compared to 52% in 2017.
US retail lags behind the global average when it comes to implementing encryption, with only 26% of retailers reporting that they have begun implementation. Still, retail is more inclined to store sensitive data in the cloud as widespread digital transformation is under way, with 95% of retail organizations expected to use sensitive data in an advanced technology environment, such as cloud, internet of things (IoT) and containers. More than half of respondents said they believe sensitive data is currently being used in these environments without the proper security protocols.
“This year’s significant increase in data breach rates should be a wake-up call for all retail organizations. Digital transformation is well under way and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption,” Peter Galvin, chief strategy officer, Thales eSecurity, said in a press release.
“However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it the risk of a data breach.”
The report found that in 2018, retail data breaches more than doubled, from 19% in 2017 to 50% this year, making retail the second-highest vertical to experience a data breach in the last year, ahead of healthcare and financial services and only slightly behind the U.S. federal government.
“These increases come as no surprise to retailers. While nearly 95% of retailers acknowledge vulnerability to data breaches, now almost half recognize they are extremely vulnerable. This is an increase of 30% from the previous year,” said Garrett Bekker, principal analyst for information security at 451 Research.
Even though 84% of retailers plan to increase IT security spending, the report indicates that their spending plans don’t correlate with the most effective defenses.
“While this trend can be partially attributed to US retailers aggressively pursuing a multi-cloud strategy, these organizations continue, year after year, to spend on the same security solutions that worked for them previously. With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient to protect sensitive data,” said Bekker.