Research reveals that retailers have unwarranted confidence in their cybersecurity
While the Covid pandemic has impacted many sectors, few have been harder hit than hospitality and retail. In the UK, official data showed that just 59% of hospitality businesses were trading in December 2020, which compares to 84% of businesses across the economy as a whole. What's more, even among those who were still open, business was far from brisk, with 41% saying that trading was extremely poor.
Research from Cornell University’s Center for Hospitality Research suggests that difficult trading conditions are not the extent of the sector’s problems. The study, which was conducted in partnership with payment tech company FreedomPay, found that while nearly all of the companies surveyed across retail, hospitality, and restaurant sectors were confident in their cybersecurity arrangements, this confidence is largely misplaced, with around a third of those companies suffering a data breach in recent times.
"The technological revolution and the global pandemic have created a perfect storm for one of the biggest challenges facing merchants today: how to smash channel siloes and join operational dots to deliver seamless integration of physical and digital services in a safe and smart way," the report says. "To deliver services safely, merchants rely on cybersecurity systems that can become vulnerable to data breaches if not re-evaluated periodically."
What’s more, once companies have suffered from a data breach, the overwhelming majority suffered a second, third, or fourth breach again within a year. Indeed, an incredible 69% of retail businesses have suffered from over three data breaches in a single year.
A sector at risk
The authors highlight the growing complexity of the e-commerce landscape, which has made more and more businesses aware of the cybersecurity challenges they face.
“Retailers and hospitality businesses increasingly view their payments systems as more than transaction processing – they are important sources of data and customer insights,” the authors say. “Merchants and consumers alike need the assurance that this data is being protected and managed properly.”
The complexity of the modern operating environment is illustrated by the number of threats that are emerging for businesses both internally and externally. For instance, respondents cite threats such as malware and payment integrity as among the most common threats they face today, with risk management the biggest challenge faced by them and their systems.
Worryingly, businesses also report that there is a considerable internal threat, with 86% of respondents saying that human error was creating cyber vulnerabilities, whereas a further 81% said that a lack of education was creating gaps for cybercriminals to exploit.
Shutting the door
As businesses try and protect themselves, these efforts often result in an increasingly complex operating environment. For instance, nearly three-quarters of respondents said that they’re currently using more than one cybersecurity technology, with this especially common among medium-sized businesses. Often these systems are dispersed across the various sites operated by the business, and there seems a degree of confusion around whether such systems should be operated by a single department or a number of departments, with this confusion especially so among larger businesses with more complex operational arrangements.
Despite these challenges, the importance of achieving good cybersecurity certainly appears to be understood and appreciated by nearly all businesses, with 91% saying that they thought customers would be more active and loyal if they were confident in the cybersecurity measures deployed by businesses.
"The vast majority of companies believe that their customers would be more loyal, reassured, and satisfied with additional security measures," the researchers say.
Despite this, there is also a clear desire not to make achieving a cybersecure business laborious for consumers by adding in additional steps that make the customer journey difficult. What’s more, around half of businesses reported that they didn’t want to increase costs considerably, while a similar number said they were concerned about any disruption to service caused by investment in IT security.
Becoming more secure
The researchers make a number of recommendations for businesses to become more secure, including working with a third-party supplier to provide effective data management and security services. They also argue that the most effective way of combatting external threats is to ensure that all hardware, software, and firmware is kept up-to-date and the latest patches are installed.
Businesses were also keen to enlist as much support as they could from the government, with respondents saying that they want them to be a key aid in fighting cyber threats and enhancing cybersecurity policies.
"These recommendations underscore the relevance of cybersecurity systems in meeting the adapting needs of consumers and companies in a data-driven digital era," the researchers conclude. "Small, medium, and large businesses in the F&B, hospitality, and retail sectors have varying approaches toward cybersecurity tactics. Still, all emphasize the importance of such measures in protecting vital information and enhancing customer satisfaction."