According to Statista, approximately 179 million records were exposed in 1,579 reported data breaches in 2017. Businesses in all industries are affected by data breaches, although those in the financial services industry tend to incur the highest costs after a breach. Even though financial businesses lose the most money as a result of the breach, they are not affected by breaches as often as retailers. In fact, a new report states that retailers in the U.S. are leading the entire retail world in data breaches.
U.S. Retailers and Data Breaches
The 2018 Thales Data Threat Report, Retail Edition was released in July of this year. The most shocking finding from this report was that three-quarters of retailers in the U.S. admit to being affected by a data breach at some point. Furthermore, half of the retailers that participated stated that they had been affected by a breach within the last year. In the 2017 report, only 19% of retailers stated that they had been affected by a breach within the last twelve months. This means this number jumped from 19% to 50%–a significant increase–over the course of a year! These numbers put U.S. retailers far above the global retail average when it comes to data breaches.
Based on these numbers, the retail industry is now the second most breached segment in the U.S. The only segment that is ahead of the retail industry is the federal government.
How Retailers Plan on Preventing Data Breaches
Retailers are finally beginning to understand the severity of the risk that they face. According to the report, nearly half of retailers recognize that they are extremely vulnerable to data breaches. This recognition is important since preventative measures cannot be put in place until retailers realize the seriousness of the threat.
The Thales report also revealed that the vast majority of retailers–approximately 84%–are planning on increasing their information technology budgets to prevent data breaches. But unfortunately, this increase in budget may not achieve the desired results. Why? Experts believe that retailers are wasting their money on ineffective practices that will not protect them from data breaches.
Thales asked the respondents to rank different data breach defenses in order of effectiveness. The retailers were then asked to share which defenses they planned on investing in over the next year. The results showed that many retailers are investing heavily in defenses that they find ineffective or less effective than other strategies. For example, the retailers ranked endpoint and mobile defenses as the least effective strategies to protect their businesses against data breaches. Despite this poor ranking, the retailers admitted that they plan on investing heavily in this strategy in the near future. In fact, endpoint and mobile defenses ranked higher than all other defenses on the list in terms of expected spending increases. The defenses that were ranked the most effective were at the bottom of the list when ranked in order of planned spending increases. This shows that simply increasing a budget is not enough to prevent data breaches–the dollars must be allocated to effective defense plans, too.
How Retailers Should Prevent Data Breaches
There are several steps that retailers should take to protect their data. It’s estimated that about three-quarters of data breaches in the retail industry are inside jobs, which means employees either intentionally or accidentally caused the breach. Retailers should prevent the accidental inside job breaches by training employees on how to protect the company’s data. Teach employees how to handle sensitive data and create strong passwords so they don’t accidentally allow another party to breach the company’s data. Retailers should also explain the consequences of violating one of these policies so employees know that they should take data security seriously.
Retailers also need to put a data breach response plan in place. The report should outline who to notify if a breach does occur, when to alert the public, and how to stop the breach. Everyone who is involved in data security should be familiar with this plan so they can act quickly when a breach occurs. Having this plan in place will not prevent a data breach, but it will help retailers lessen the impact if a breach does occur.
It’s also important for every retailer to conduct due diligence prior to working with third party vendors. The number of data breaches involving third party vendors is on the rise, so this represents a growing threat to retailers. Before working with a third party, retailers must find out how they plan on protecting sensitive data that is shared with them. Retailers also need to know how long the third party will hold onto this data and how it will be destroyed when it is no longer needed. Every third party vendor needs to answer these questions regardless of what services or products they are providing. Remember, it was a small HVAC vendor that caused the massive data breach at Target several years ago. This illustrates how important it is to choose third party vendors wisely.
Every retailer should also partner with a reliable e-waste recycler that knows how to destroy data once an electronic device is no longer wanted or needed. Working with a reliable e-waste recycler can prevent a retailer’s sensitive data from falling into the wrong hands.
Make sure your sensitive data is safe by trusting ERI, the largest recycler of electronic waste in the world. ERI has electronic recycling facilities in California, North Carolina, Washington, Colorado, Indiana, Massachusetts, and Texas. Our facilities have the capacity to process over 1 billion pounds of electronic waste for clients in a variety of different industries. For more information on recycling electronics, or to request a quote from ERI, contact us today.