In 2013, hackers exposed 110 million of Target’s customers’ personal data records. Since the breach, the company has spent $1 billion in technology and supply chains to build a secure network and to prevent anything like this from hurting them and their customers again.
So what is the importance of network security?
Retailers must build secure networks to protect the company and customer data. Investments in network security can prevent data breaches, which can help retain customers. For Target, vulnerabilities in their network made the infamous data breach possible. The cost of the data breach included legal and monetary costs; but more importantly, it came at the price of the customers’ sense of security. As the loss of profits that Target incurred can prove, customer retention was low because customers were too afraid of putting their information at risk by shopping at Target. This breach served as a warning to retailers that if a company is breached, the resulting issues with brand reputation and customer retention will hurt profits.
An overall strong security posture protects company assets and reduces overall costs. After a breach has occurred, a company incurs many costs including: hiring a company to investigate the breach, paying for credit card issuer fines and legal costs, and securing the network to prevent against further breaches. According to IBM and Ponemon Institute’s analysis “2015 Cost of Data Breach Study: Global Analysis”, the average cost of a data breach is $3.79 million and the average cost of each lost or stolen record is $154. These costs have increased by 23% and 6% respectively, which signifies the rising cost of a data breach.
In the retail industry, hacking and malware are responsible for 50% of all data breaches. In regards to the Target Breach, 40 million customers were victim of Point of Sale (PoS) RAM scrapers that hacked into the system to collect payment card information. Moreover, 70 million customers had their personal identifiable information compromised; this included information such as names, addresses, and social security numbers.
Retailers need to invest in developing a secure network that protects customer credit card information and reduces the possibility of a breach. Customers who are afraid their personal information is at risk by shopping at a particular retailer are inclined to stop shopping there, even temporarily, which affects retailer’s profits. Target’s profits dropped 46% from the previous quarter after the breach. The breach hurt their bottom line significantly because apart from investigation and remediation costs they had to invest in rebuilding their brand image to retain customers.
So who is at risk?
Smaller retailers and restaurants falsely assume that because they are a small company, they are immune from cyber-attacks and breaches in network security. But in fact, all businesses that have any confidential information that hackers may want are at risk. Retailers and Restaurants are especially vulnerable to an attack because they process sensitive customer credit card information, which hackers could want for monetary gains. According to a 2015 study by Trend Micro, the retail industry is the fourth most common sector to be affected by data breaches, after Healthcare, Education and Government –12.5% of all breaches happen in the retail space.
Over the last 6 years, millions of retailers’ records have been compromised. The figure below outlines the companies that have been breached, the number and types of records compromised.
In the top 20 publicly disclosed data breach table shown above, a majority of them are retailers, which proves that this industry is at risk of data breaches. Hackers want any confidential information they can get their hands on and if they can get to it easily within the company’s network, then they will compromise it. With so much at risk (and expensive consequences), retailers need to make security a priority and work towards building a secure network that protects their company’s information as well as that of their customers.