The Global State of Information Security® Survey 2016

Retail and consumer summary

Retail and consumer companies are taking decisive action to bolster their cybersecurity capabilities. Many are moving to strengthen their cybersecurity posture by implementing technologies such as cloud-based cybersecurity, advanced authentication and Big Data analytics. This year, average information security spending soared 67%. Given the rash of high-profile breaches, it was not surprising that companies boosted security spending; the real challenge, however, may be achieving sustained results from these investments.

Securing payment channels

Many organisations are focusing on improving the security of payment channels. In the US, companies were rushing to complete the migration to the EMV (Europay, MasterCard and Visa) standard for payment card systems. In addition to the EMV migration, retail and consumer companies said they were also exploring other technologies and processes to protect customer data, including point-to-point encryption, next-generation firewalls and tokenisation.

Addressing risks of business partners

Assessment of the security capabilities of third-party business partners—cloud providers, in particular—has emerged as a top priority for many retail and consumer companies. Most said they conduct assessments twice a year or more frequently. Many are using risk-based security frameworks to improve third-party cooperation. These guidelines can help companies more easily exchange information with third-party business partners and suppliers, and communicate expectations and concerns about services that are being provided.

The elevated roles of the CISO and Board

Internally, businesses are expanding the roles of the Chief Information Security Officer (CISO) and the Board of Directors to improve understanding of cyberthreats and help build resilient risk-based cybersecurity capabilities. In fact, we saw double-digit gains in Board participation in most aspects of information security. The increased participation may account, in part, for the sizable increase in security budgets this year.

The Global State of Information Security® is a registered trademark of International Data Group, Inc.