New BDO cybersecurity report finds retail industry noncompliant with global payment card data security standard
21 May 2019
The global retail industry’s investments in cybersecurity are largely insufficient, according to the 1st quarter Cyber Threat Insights by BDO’s International Cybersecurity Advisory Services. As a result, the average cost of a cyber data breach in the retail industry continues to climb every year, as does the average cost of cyber liability insurance coverage.
According to BDO, a case in point is that, on the 15th anniversary of the Payment Card Industry’s (PCI) Data Security Standard (DSS), many retailers are still not PCI-compliant. Created in 2004, the standard aimed to increase security controls around credit card information and fraud incidents.
Among industries worldwide, retail ranks lowest on supply chain security, correct firewall usage, protection against malicious software, the development and maintenance of secure systems, access authentication and the testing of security systems and processes.
BDO points out that, while credit card numbers are considered a highly lucrative reward of a successful cyber-attack because financial information can be re-sold quickly on the black market, consumers are affected in other ways than just by the misuse of financial information, including:
- Increasing prices of products or services
- The compromise of personally identifiable information and identity theft
- Theft or loss of products once purchased
- The loss of value of stock or other investments made in the retail industry
More companies are facing major lawsuits from their own shareholders, consumer protection groups and federal and/or state government agencies for their negligence in providing an adequate information security programme for their organisation. This results in significant financial losses and negative impacts on brand and reputation.