Most senior security executives across multiple industries, including retail, fear their companies are vulnerable to security attacks. About 88% of 1,100 senior security executives surveyed by Thales e-Security and analyst firm 451 Research admitted as much, and 52% confessed they their companies had fallen victim to a data breach in the past.
The study also found that 19% of those surveyed feel their companies are “very” or “extremely” vulnerable to such attacks, even though the study also noted that the percentage of U.S. retailers experiencing data breaches has declined about 3% in the last year to 19%.
That percentage is lower than for any other U.S. industry vertical polled for the report, including healthcare (20%), financial services (24%) and the U.S. federal government (34%), Thales and 451 Research said.
This study covered a variety of verticals, but called out some interesting retail-specific figures. Among the most interesting, 95% of U.S. retail organizations say they will use sensitive data in cloud, big data or Internet of Things environments this year, but 53% of those surveyed said they think this is proceeding without proper security in place.
That's a startling admission that retailers are closing their eyes, crossing their fingers and hoping for the best. The study further stated that among the 19% of U.S. retail firms that experienced a data breach in the last year, for more than half of that group it was not the first data breach they experienced. It also should be noted that globally, retailers did not fare as well at dodging data breaches as U.S. retailers did. In fact, about 43% of global retail respondents admitted to suffering a data breach within the last year.
So, what are these companies doing about it? The study said that 77% of U.S. retail firms are increasing IT security spending, so that's good, right? Maybe. 88% of survey respondents said they value network security as a protective measure, but network measures often don't protect cloud-based data. Meanwhile, data-at-rest security solutions, which Thales and 451 said are more effective at protecting actual data, were far less valued as a security measure by those spending retailer security budgets.
As it turns out, there is a good reason security execs still fear attacks. In many cases, they appear not to know exactly what to do to stop them.