61% of retailers experienced a cyberattack within the past year, with 72% being attacked in their organization's lifetime.
50% of retailers reported having no response plan for a data breach, 11% higher than the all-industry average.
The average attack involving the loss of customer or employee data results in 7,772 individual records lost or stolen, with an average cost of $1.9 million from the disruption of normal operations.
When asked what factors are contributing to these attacks, retailers named budget as a top concern. Only one in three believes they have an adequate budget to achieve strong IT security, while over half do not. However, 93% of retailers spend less than 20% of their overall IT budget on security, with an average spend of 11.5%. Insufficient personnel (91%), insufficient budget (51%) and no understanding of how to protect themselves from cyberattacks (40%) were the most commonly cited challenges preventing a fully effective security posture.
"There are billions of stolen credentials on the dark web, and cybercriminals can wait for months for prime opportunities like peak online shopping season to exploit retailers' security vulnerabilities and make illegal purchases," says Darren Guccione, CEO and Co-founder of Keeper Security. "The reality is, the cybersecurity problems facing the retail industry are not problems of money or personnel, but of mindset. Retailers need to know there are easily implementable, cost-effective security solutions that can greatly bolster their security posture and largely prevent such cybercrime from happening."
Swift action should be taken by retailers as these cyberattacks are evolving in nature. 87% of retailers agree that cyberattacks are becoming more targeted, 67% believe attacks are becoming more severe and 61% think they're more sophisticated. The most commonly reported attack methods are phishing (69%), web-based attacks (54%), and malware attacks (40%).
In addition, 69% of retailers agree that passwords are an important part of cybersecurity prevention, yet over half (51%) don't have visibility into their employees' password practices. Given these findings, coupled with the fact that 81% of data breaches are caused by hacked passwords, Guccione offers three key tips for retailers:
Educate employees regularly on best security practices and ways to avoid socially engineered attacks.
Enforce strong login credentials and multi-factor authentication across all employee devices.
Conduct regular security audits and encrypt business data.
About Keeper Security, Inc.
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce cybertheft and data breaches. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, dark web monitoring, digital file storage and messaging. Named PC Magazine's Best Password Manager (2018) & Editors' Choice (2018, 2019), PCWorld Editors' Choice (2019) and awarded the Publisher's Choice Cybersecurity Password Management InfoSec Award (2019), Keeper is trusted by millions of people and thousands of businesses to protect their digital assets and help mitigate the risk of a data breach. Keeper is SOC-2 and ISO 27001 Certified and is also listed for use by the Federal government through the System for Award Management (SAM). Keeper protects businesses of all sizes across every major industry sector. Learn more at https://keepersecurity.com.