Although high-profile megabreaches have lessened in the past year, retail and consumer respondents continue to battle theft of payment card data. A key defense is implementation of chip-based EMV payment card technologies in retail locations. Yet only 20% of respondents have deployed the new card infrastructure at all retail locations, with an additional 40% saying they plan to deploy EMV at all stores within the next six months.
While timely EMV deployment does not seem to be a priority, more retail and consumer businesses are proactively safeguarding payment card data by beefing up their point-of-sale (POS) systems. Many have strengthened POS security by deploying technologies such as malware detection, encryption and tokenization. What’s more, almost two-thirds (64%) say they follow secure coding requirements to help ensure proper handling of payment card data in memory.
Retail and consumer businesses are adopting advanced technologies to help protect data privacy and detect cybersecurity incidents. These include cloud-based security tools, next-generation threat detection, advanced identity and access management, and context-aware behavioral analytics.
Respondents are also implementing a technology that, while not cutting edge, represents a new way to develop and run on-premise systems. Almost half (47%) of respondents say they use open-source software, which has been around for decades, in place of traditional enterprise software and middleware. Among respondents that have embraced open-source software, 46% say the technology has enhanced their cybersecurity and privacy program.
As trust in cloud models deepens, organizations are starting to run more sensitive business functions in the cloud. While IT operations are most likely to be run in a cloud environment, one-third or more of the survey respondents also entrust cloud providers with more sensitive functions like marketing and sales, customer service, purchasing and operations. Almost three-fourths (74%) of respondents say they are prepared to protect sensitive data in the cloud and other third-party environments over the next 12 to 18 months.
Retail and consumer businesses understand that a cloud provider is only as good as its cybersecurity and privacy capabilities. That’s why many respondents are proactively evaluating the capabilities of cloud providers. In fact, 59% of respondents conduct security assessments on third-party cloud providers to ensure they comply with security and data-protection policies. And more than half (52%) of respondents say they assess third-party cloud providers twice a year or more frequently.
As consumers become increasingly concerned about how their sensitive data is gathered and shared, effective data-privacy capabilities are no longer a nice-to-have program—it is a business imperative. Retail and consumer respondents say they plan to address several privacy initiatives over the next 12 months, with an emphasis on updating privacy policies and procedures and training.
In addition, one-third of retail and consumer respondents say they have implemented a program to monitor third-party partners and service providers to help ensure they comply with security and data-protection policies, and 38% plan to implement this type of program in the future.
"Overall, retail and consumer packaged goods companies have made good progress improving their foundational security postures over the past year through the heightened awareness of Boards and senior executives. But senior leaders and decision-makers should not become complacent as the business landscape continues to transform through the digital engagement of consumers, employees and business partners. New risks and avenues for compromise are likely to further evolve, and cybersecurity and data privacy and protection should always be top of mind."