Majority of retail security professionals took additional IT security precautions this year, prepped earlier than usual
PORTLAND, Ore. – December 15, 2020 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a new research report that assessed retail cybersecurity programs in 2020. Conducted for Tripwire by Dimensional Research last month, the survey evaluated the opinions of 203 security professionals working in the retail industry.
According to the survey, 78% of retail businesses have taken additional IT security precautions for the 2020 holiday shopping season, compared with prior years. Of those, 87% said they took additional precautions explicitly because of the potential rise in online retail fraud as more consumers turn to e-commerce due to COVID-19.
“The retail industry has certainly had to adapt to the challenges of 2020, particularly as COVID-19 has either prevented or discouraged consumers from in-store shopping,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Because of this, retail organizations have had to make changes this holiday season — they started earlier and expected increased volume, along with increased risk to both consumers and retailers.”
This year, 63% of retail organizations said their IT security teams started preparing for holiday shopping earlier than usual, and 57% said the current surge in online shopping has made security especially difficult.
The survey also examined the current state of best practices as mandated by major security frameworks and regulations:
- Over half (61%) said their ability to detect and respond to a security breach is better now than a year ago.
- About one-third (32%) characterized their organization’s capabilities for protecting customer data as “excellent” — a significant increase from only 19% who said the same in 2017.
- More organizations are discovering IT assets automatically (97%), compared to 85% in 2017.
- Configuration changes are identified more quickly, with 64% detecting them in minutes or hours, compared to 55% in 2017.
- Most organizations are addressing vulnerabilities within 15 days of detection (45%), or between 15 to 30 days (35%).
Erlin added, “While we may see increased cybersecurity risk this holiday season, the basic security controls required to protect retailers haven’t dramatically changed. Understanding what assets you have, ensuring that they’re configured securely, and finding and fixing security issues are all important steps in running a secure business.”
For more detailed findings, please visit our most recent Holiday Cybersecurity Survey Report.