43% of retailers “have experienced a data breach in the past year” according to Thales Data Threat Report

Thales e-Security have published a report on data breaches for businesses and organisations, and the findings are a cause for concern.

According to the research, 43% of retailers have suffered a data breach in the past 12 months.

Just think about how many purchases you have made in the past year; now imagine almost half of those companies has suffered a data breach in the past year alone. This is a worrying issue, and it’s one that can affect us all.

Retailers knowing the risks…

The next set of statistics provide rather mixed feelings: 88% of these businesses admit they’re at risk of a data breach, with 37% saying they are “very” or “extremely” vulnerable to a breach. Whilst their worries are probably legitimate, it also provides hope that those companies are aware of the risks and will do something about it.

The report

The IT, cybersecurity and data security speciality firm worked with over 1,100 senior security executives to produce the insightful report. Thales recognises the increasing risks of data breaches through various methods including:

However, not all the statistics focus on the bad. Some 65% of participating businesses are encrypting their data to provide an extra layer of protection. Encrypting is one of the most basic methods of security protection. Like locking your front door, it can be an effective level of cybersecurity that renders information largely illegible, unless the encryption key is found. With the encryption key, cybercriminals who access personal and sensitive information can read it like a book.

Are businesses finally taking cybersecurity seriously?

Although they still have a long way to go, it seems businesses may finally be taking cybersecurity seriously by using cloud services like Software as a Service (SaaS). Yet, on the other hand, businesses are concerned that these very services may not be as fortified as expected and pose a threat to cybersecurity. Some 67% of businesses are reportedly reluctant to pass over sensitive information to cloud service providers in case they fall victim to security breaches or attacks themselves.

Retailers a “prime target”

Vice president of strategy at Thales e-Security, Peter Galvin, believes that:

“…with tremendous sets of detailed customer behaviour and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.”

Resources are not matching the risks…

Thales believes there is a “big disconnect” with the number of data breaches and the amount of resources spent on data protection. Despite rising numbers on cybersecurity spending, data breaches are still going strong.

Around 75% of companies in the past year increased their IT security spending to protect their data; a significant increase from 58.5% on the previous year. However, the number of businesses who suffered data breaches compared to last year has also seen an increase of 5%.

Are the laws good enough?

Standard data protection laws mean businesses must comply with a certain level of data protection to ensure the data they hold is afforded some level of security. However, at 59%, too many businesses believe that, as long as they are compliant with these laws, they won’t become a victim of a data breach.

Principal Analyst at 451 Information Security, Garrett Bekker, explains:

“…compliance is a minimum table stake for regulated enterprises… But being compliant does not mean you won’t be breached.”

Two recent infamous data breaches: Yahoo and WannaCry

9 out of 10 healthcare organisations have dealt with data breaches