Retail data breaches still high as GDPR deadline looms

As the EU’s General Data Protection Regulation compliance deadline approaches, retail data breaches remain unacceptably high, a data threat report reveals

More than eight out of 10 retailers consider themselves vulnerable to data threats, and 37% say they are “very” or “extremely” vulnerable, according to the 2017 Thales data threat report, retail edition.

The report, issued by security firm Thales in conjunction with 451 Research, reveals that 43% of retailers have experienced a data breach in the past year, and a third of those reported more than one breach.

As a result, nearly three-quarters of retailers expect their spending on IT security to increase, partly driven by increased regulation, such as the EU’s General Data Protection Regulation (GDPR).

According to the report, the increase in data protection regulation has led to greater awareness and concern around issues of data privacy and sovereignty, with 72% of retailers claiming to be affected.

For retailers, data means greater insights into customer behaviour, the ability to offer more personalised experiences, and the chance to upsell products successfully, but it can also mean a greater risk of security breaches, losing valuable customer information and tarnishing relationships and reputation.

“With tremendous sets of detailed customer behaviour and personal information in their custody, retailers are a prime target for hackers, so should look to invest more in data-centric protection,” said Peter Galvin, vice-president of strategy at Thales.

“As retailers dive head-first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.”

The report reveals that, in an effort to comply with new data protection requirements, almost two-thirds of retailers (64%) are encrypting their data, 40% are tokenising it, and 36% are implementing a migration project.

According to the report, half of retail organisations (52%) will use sensitive data in a big data environment in 2017, with a third using encryption to protect that data. However, 39% said they were “very concerned” about using these environments without proper security in place.

Continue reading…