[BreachExchange] Report: U.S. retailers aren't investing in cybersecurity even as breaches persist

Audrey McNeil audrey at riskbasedsecurity.com
Wed Aug 24 17:52:05 EDT 2016


http://fedscoop.com/report-u-s-retail-stores-wont-invest-
in-cybersecurity-though-growing-threat-exists

As high-profile hacks like Target, Home Depot and Eddie Bauer show,
U.S.-based retail stores are especially susceptible to damages caused by
hackers. A new survey out Tuesday shows how much that damage usually
amounts to.

A data breach costs retail outlets, on average, roughly 19 percent of their
customer base, according to a survey conducted by global audit, tax and
advisory firm KPMG.

Nearly one-fifth of respondents told KPMG they would avoid a retailer that
was the target of a successful cyber attack, regardless of how the company
remediated damages caused by hackers.

Another 33 percent of people surveyed said they would wholly abandon an
affected business for about three months, due to immediate fears concerning
the exposure of personal and financial information typically stored by the
retailer. Interestingly, these same customers also said they are least
likely to return to a hacked store when its leadership fail to publicize a
solid plan to prevent future cyber attacks.

"Make no mistake, there is a lot at stake here for retailers. Consumers are
clearly demanding that their information be protected and they're going to
let their wallets do the talking,” Mark Larson, a KPMG executive who
analyzes global retail market activity, said in a statement.

The typical American consumer has become more aware of cyber attacks, KPMG
notes, as several high profile data breaches have recently occurred.

Though the survey’s findings may be considered worrisome for many
retailers, 55 percent of sitting, senior cybersecurity executives serving
the sector — separately surveyed by KPMG — said they had not invested in
cybersecurity over the last 12 months.

"Quite frankly, many retailers are not doing enough to protect their
businesses from cyber attacks or react to them when they occur, and the
effects of their inaction will end up harming them in the long run," said
KPMG Principal and Retail Cybersecurity Leader Tony Buffomante in a
statement.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160824/4e06ede6/attachment.html>


More information about the BreachExchange mailing list