About 66% of companies in the retail/wholesale vertical that were surveyed by security technology company Radware admit to having paid ransom to a hacker within the last year, violating common wisdom about how to handle ransomware attacks, according to Radware’s 2018 Executive Application and Network Security Report.
Radware’s research also found that a single cyberattack costs a retailer an average of $1.6 million, and that 77% of retail executives admitted their security strategies were influenced by the fact that their companies already had suffered a data breach.
The report comes a week after several companies in the retail and payments sector partnered to create the Secure Payments Partnership (SPP), a group aiming work toward faster and more secure payment systems by taking input from a variety of voices across sectors.
Radware’s report is built on a survey of more than 230 executives from across different industries and global regions, so it doesn’t focus just on retail, but the retail-specific findings are notable and concerning.
Ransomware is now the fastest-growing and most popular form of malware being used in corporate data breaches, according to a Verizon study from earlier this year. There is much ongoing debate about whether or not companies should pay ransoms, but security experts typically advise against paying them because pay offs just give the hacker community more fodder and encouragement to attempt ransomware attacks — proof that their efforts will be rewarded.
Paying off hackers also does little to help companies figure out how to stop these attacks, keeping them in more of a reactionary mode and less focused on actual strategic planning and implementation of new protection mechanisms.
Fortunately, the fact that many retail executives said their security planning is influenced by past incidents hints that retailers are looking for long-term solutions. Perhaps it’s an indication that retailer attitudes about data breaches are changing: In the past they seemed to focus more on keeping data breach details from going public, and less talking about how they would come up with better protection schemes.
The newly created SPP is a coalition by the Food Marketing Institute, National Retail Federation, National Association of Convenience Stores, National Grocers Association, First Data’s Star Network and Shazam. This effort is encouraging and suggests that retail industry groups are seeking to have active input in security standards and technology developments that otherwise have been dictated to them by the major payment networks alone. Maybe retail is ready to do more about the problem of increasing security threats and attacks than just reacting to them.