The Over Under on Retailer Cyber Security

Given the digital and physical last mile to the consumer and increased threat-targeting by bad actors, one would expect a tremendous surge in capability for Cybersecurity in the retail organization. Yet, for the average firm, this is often not the case.  Except for the large giants, the typical retailer is striving to stay in business in the digital world – while protecting customer data, securing the supply chain, and safely taking payment under maximum financial risk to online disruption.

Retailers are:

Underserved  

• Less regulated. Except for customer payment data related controls, there are not as many mandated cybersecurity requirements that affect all retail competitors as is the case in other verticals.
• Lean budgets. The retail industry is known for slim margins which has significant effect on cyber security budget and staffing.  
• Talent shortages. Retails are experiencing talent shortages in general. There are thousands of unfilled security jobs and retailers are competing with rich industries like oil and gas, fintech, and healthcare.  

Under pressure

• Digital Disruption. Consumers are spending more time on their mobile devices and less time in stores, also shifting from mobile browsers to mobile apps.
• Pandemic affects. Lockdowns have had economic impact and shifts for store operations, supply chain, the whole of these businesses.  

Overexposed

• Fraud increasing. Retailer losses due to inventory shrinkage is at an all-time high and 45% of it involves an online component.  
• Incidents increasing. Cyber incidents among retailers are soaring.  One report suggests Ransomware attacks affected 44% of all retailers this past year. U.S. merchants reporting a 140 percent increase in attacks since 2020, 52 percent of which were successful.  

Some are more challenged than others for sure, but as an industry there is a need to increase capability.  

A couple of years ago I was visiting a medium-sized retail customer. The stress of keeping all their digital assets and store assets available so dollars could flow was palpable. They told me of their personal obligation to be onsite 24x7, sleeping, working around the clock in preparation for the inevitable.  There are small, brave cyber security teams all over the world fighting to assure that the joy of that purchase continues to accrue to their brand weeks, months, years after it happens. It is an unfair and noble fight. Millions of hours of effort can evaporate with one cybersecurity incident. The people that lead these teams and manage the risk are under tremendous pressure to compete for talent, create the culture, do more with the same, assure the results, and pave the roadmap for the future.  

Our new company Alfahive stands with them!

Alfahive is on a mission to fundamentally change the status quo. To help our retail and consumer goods community wring every drop of protection value out of the investments they are making, to know their risk equation in reliable business context like never before, and to powerfully target initiatives that gives the leader more confidence and the organization a fighting chance.