Survey Shows Cybersecurity Danger Worse than Most Retailers Think


There's a huge gap between retailers' perceptions and reality when it comes to cyberattacks and preventing data breaches, according to a new study from Dimensional Research and Tripwire. When asked how quickly their organizations could detect a data breach of critical systems, 60% thought that the breach would be discovered within 72 hours. Only 20% expressed doubt that their organizations would be able to discover the breaches quickly.

The reality is dramatically different. Various studies have come up with different numbers, but all show that it takes far longer to detect serious cyberattacks than the retailers' three-day estimate. For example, a study conducted by Mandiant found that the average time to detect breaches was 229 days — or more than 76 times longer than the retailers' estimate. Another study, conducted by Verizon, found that it took weeks to detect most breaches committed at points of sale, and months to detect 43% of breaches online.

The retailers surveyed also displayed an unwarranted confidence in the effectiveness of their security measures to combat cybercrime. The Dimensional Research survey found that 82% were either very confident or somewhat confident that their security controls could detect rogue applications. High-profile data breaches, however, have put the retail world on notice. Almost 70% of survey respondents said they thought that highly publicized data breaches have increased the amount of attention that executives at their organizations pay to security.

Cybercriminals target retail businesses more often than any other type of organization. A study by Trustwave found that 35% of cyberattacks were aimed at retailers, highlighting the need for retailers to rethink their data security efforts. But cybercriminals can attack any organization that stores confidential or sensitive information electronically. Recently announced suspected breaches include the theft of medical records of 4.5 million patients and credit and debit card information of customers of two grocery store chains.

An organization's employees provide the first line of defense against costly and reputation-damaging data breaches.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising

Written by: Thomson Reuters Compliance Learning