While retailers place extremely high priority on data security and invest tremendous resources to prevent attacks, cyber-criminals are persistent and their methods of attack are increasingly sophisticated. Enhanced security measures help to thwart attacks, but unfortunately some attacks have been successful and the resulting incidents can affect millions. Recent successful attacks against retailers, technology companies, utilities and even the most sophisticated government agencies have understandably focused public attention on cybersecurity and data privacy.
There are other important reasons behind recent attention to data privacy and security.
First is the volume of data available to organizations and individuals. It is said that more data will be generated in the next two years than was generated in the entire history of humankind. To retailers, access to such “big data,” and the analytics to interpret it, are essential to providing the tailored services that customers demand. Attention to the security and privacy of that data is understood to be important.
Second, seemingly everything, from refrigerators and TVs to wearable technology that monitors physical activity for health purposes, can now collect, store and transmit data. The internet-of-things, as it is often described, is likely only to expand and as it does, important decisions will have to be made about how to address privacy and security.
While the retail industry is certainly not alone in facing these strategic privacy questions, in many ways its cybersecurity-related challenges are unique.
Unlike attacks on non-consumer facing industries that seek proprietary corporate information, cyber-attacks on retailers are aimed at sensitive consumer financial data that can be used for financial gain. The number of those potentially affected in a successful attack is staggeringly high. Such a breach can affect consumers’ faith in the system and can damage the relationship that all retailers seek to build with their customers.