Tomorrow is Thanksgiving, and then Friday—Black Friday—kicks off the official start of the holiday shopping season. Retailers love the materialistic frenzy of the holiday season, and so do cybercriminals. Companies are busy trying to sell as much as possible, and consumers are so hungry for deals that it makes cyberattacks that much easier to execute.
Letting your guard down is costly. Duo Security compiled data on data breaches, and created an infographic titled Modern Retail Data Risks: The US Retail Industry By the Numbers. It details the concerning trends in the scope and cost of data breaches, including three statistics that stand out as alarming.
First, Duo Security discovered that there were 62 percent more data breaches in 2013 than there were in 2012. The increase in the number of separate breaches, however, pales in comparison with the spike in stolen records or identities. According to Duo Security, that number skyrocketed 594 percent. More breaches, and more affected customers resulted in the third alarming statistic—the cost of credit card fraud losses in 2013 was a massive $18 billion.
There are about 3.6 billion establishments that make up the retail industry. The retail industry employs more than 14 million people, and contributes around $2.5 trillion annually to the nation’s economy. The astronomical revenue is probably why companies don’t seem to be doing as much as they can or should to guard against breaches. That $18 billion figure is a lot, but it represents less than one percent of the revenue, so it’s almost a negligible “cost of doing business” for large retailers.
Even the largest retailers are not immune from the repercussions of not protecting customer data, though. In the wake of one of the largest data breaches ever, Target’s fourth-quarter profit dropped by 42 percent. The message seems to be that the overall cost isn’t enough to drive improvements in security because organizations think it won’t happen to them, but that data breaches are very costly for the companies that are compromised.