News Feature | July 31, 2017

New Report Finds Retail Data Breaches Remain Unacceptably High

Christine Kern

By Christine Kern, contributing writer


Two in five retailers have experienced a data breach in the past year.

Data security remains problematic for retailers, according to the findings of the 2017 Thales Data Threat Report, Retail Edition, which found that 43 percent of retailers reported experiencing at least one data breach in the past year, with 32 percent claiming more than one incident. The study was conducted in conjunction with analyst firm 451 Research. Almost 9 out of 10 (88 percent) of retailers also said that they consider themselves vulnerable to data threats, while 37 percent say they are “very” or “extremely” vulnerable to breaches.

The study also found that an increase in regulations, including the pending EU GDPR, has led to greater awareness and concern surrounding issues of data privacy and sovereignty, with some 72 percent of retailers saying they have been impacted.

As a result of these changes, the study found that 73 percent of retailers anticipate an increase in IT security spending in the near future. These expenses include steps to comply with new regulations, as 64 percent of retailers said they are encrypting data; 40 percent are tokenizing data; and 36 percent are implementing a migration project to help secure sensitive information.

The report also found that 52 percent of retailers report that they will use sensitive data in a big data environment this year, with 34 percent using encryption to protect it. Still, 39 percent said that they are “very concerned” about using these environments without proper security in place.

And the adoption of cloud and SaaS environments is also on the rise, which leads to greater concerns regarding their safe use.  Two-thirds of retailers report concern regarding the risk of their cloud service providers (CSPs) being breached, while 66 percent said they are worried about vulnerabilities in shared infrastructure, while 65 percent have issues regarding custodianship of their data encryption keys.

Garrett Bekker, principal analyst for information security at 451 Research asserted, “Breach results were not so rosy for global retail – a staggering 43 percent of global retail respondents reported a breach in the past year alone, approaching twice the global average. These distressing breach rates serve as stark proof that data on any system can be attacked and compromised. Unfortunately, organizations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches.”

Instead, the report argues, retailers need to address data security head-on, and look to invest in new technologies. As Peter Galvin, vice president of strategy, Thales, asserted, “With tremendous sets of detailed customer behavior and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.”

These approaches include:

  • Deploying security tool sets that offer services-based deployments, platforms and automation;
  • Discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
  • Leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies.