Three-quarters of all U.S. retailers have suffered a data breach. That number is eye-opening enough, but worse still, half of these retail data breaches occurred in the past year alone, a new report out from Thales Security has revealed.
Clearly, retailers aren't immune from the cybersecurity hacks, attacks and alerts that have swept the globe in the past few years. But with consumers putting their personal financial details in the hands of retailers that are clearly vulnerable, there's added cause for concern.
It's not all bad news: according to the Thales Security report, U.S. retailers are retaliating, with 84 percent aiming to increase their IT security budget in 2018 — up from 77 percent past year, and solidly ahead of the global retail average of 67 percent.
What do retail data breaches look like? What can businesses, and the consumers whose data might be at risk, do about the problem? Here's a quick examination of the unstable cyber-ground U.S. retailers are sitting on.
2017's Biggest Retail Data Breaches
2017's highest profile retail data breaches are particularly scary to the average consumer, if due to the brand names alone: Plenty of consumers hadn't heard of Equifax before its massive breach, but far more people have eaten at Chipotle.
Most of that restaurant chain's roughly 2,250 locations were breached over the course of three weeks in 2017. Chipotle's cyber-defences fell to hackers who nabbed customer payment data via malware.
The breaches haven't slowed in 2018 so far. Some of the largest breaches have occurred within the first half of the year.
Under Armour was breached in 2018, losing data on around 150 million customers. Hackers attacked the sports company's diet and fitness app, MyFitnessPal, to extract the data.
Indeed, one of the reasons retailers are seeing so many breaches is this level of digital diversification. By dipping their toe into acquisitions and third-party SaaS deals, retailers open up additional points of entry that hackers might exploit. Another third-party firm, 7.ai, was breached in 2017, exposing companies including Sears and Best Buy.
Other retailers affected in 2018 so far include Macy's, Adidas, and even the café chain Panera Bread.
Four Reasons Retail Data Breaches Are Rising
While security breaches are a growing concern across the globe, they're increasing particularly fast in the United States, as the above graph from Thales' latest report indicates.
While 75 percent of U.S. retailers were breached at one point in the past, only 60 percent of retailers globally can say the same. So what's driving the 2017 boost in breaches?
1) Solving the Wrong Problems
One reason may be that U.S. retailers are trying to stop the wrong problems.
The U.S. retail sector invests the most into “endpoint/mobile defense solutions,” Thales notes, even though analysis/correlation tools and “data-in-motion” defenses would be more effective.
2) Cloud Security Concerns
U.S. retailers are also both more likely to store data in the cloud, yet less likely (at 26 percent, against a global 30 percent average) to use cloud encryption. In short, spending a U.S. retailer's cybersecurity budget more wisely would likely go far towards closing the gap.
3) Third Party Weakspots
Evolving retail practices could also contribute to the rise in breaches: Retailers are increasingly relying on external third-party businesses, from software to platform to infrastructure services, all of which are additional entry points for a hacker hoping to gain retailer data. These innovations can't be rolled back: Retailers need to evolve their security measures to cover the online tools and services they rely on.
4) The Reduced Friction Paradox
But the final reason retailers suffer from cybersecurity hacks could be their own success when creating smooth customer experiences. Retail websites are great at reducing friction in order to improve the user experience. Everything from logging in to single-click checkouts makes modern online retail great for consumers.
But, that expectation of quick response and one-click access can breed poor security practices. Thanks in part to that low friction, a 2018 report from cybersecurity firm Shape Security found, between 80 and 90 percent of their traffic are hackers attempting identity fraud.
‘Retailers are reluctant to impose any security measure that could lead a customer to abandon their cart' – Shape Security report
The result? Such fraud is collectively costing retailers nearly half a million dollars per month.
How Retailers And Consumers Can Protect Their Data
In 2018, both retailers and their customers need to reconsider their approach to security to remain safe.
Retailers everywhere are taking the first step they need in order to combat rising breaches: Boosting budgets on their cybersecurity efforts. But even more important for these companies is ensuring that they're spending on the channels that will prove the most effective: An informed audit of their own past cybersecurity focus would be the next step to take.
Consumers, meanwhile, can't assume that retailers will protect their data flawlessly. Any individuals hoping to protect their account information in 2018 should start with password managers. A high-quality manager can store passwords safely. Remember, if you re-use a password and email address combination on multiple sites, you are at real risk should a data hack to any one of those sites happen. Even if hackers can access some of your account information from a retail data breach, an impenetrable password can keep away real harm, and password managers can generate unique passwords for every site you use.
Try password managers like 1Password, Dashlane or LastPass, or just take a look at our password manager review to compare the best options yourself.