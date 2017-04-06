The problem has become so acute that 89 percent of cyberexecutives in the retail industry reported that their companies had been compromised by attacks in the past 24 months. Retail cyberdefenses were generally in such disarray that researchers two years ago discovered it took an average of 197 days before the companies detected advanced threats on their networks.

Cybercriminals routinely target retail in hopes of stealing valuable customer information, such as credit card data. In fact, retail now suffers the most attacks per client of any industry sector and sustains three times as many attacks as the financial industry.

report ed cybersecurity as a potential risk to their business. Last year all of them did.

Changes in technology and regulatory policy have also forced boardrooms to pay more attention to the problem.

For instance, retailers and merchants now face added fraud liability as a result of rules imposed by the credit card industry late in 2015 requiring retailers to upgrade to modern card readers that accept EMV (Europay, MasterCard, Visa) chips. These systems, which are meant to enhance security, call for users to insert, not swipe, their cards.

But they also move fraud liability away from banks to retailers who don’t add the new equipment.

Meanwhile, the imposition of new data privacy regulations, here and overseas, raises the stakes for retailers to button up their cybersecurity defenses sooner, rather than later. A new European data protection law that takes effect next year will impact any retailer marketing to E.U. residents, even if they only do business over the internet. If the retailer’s digital protections fail, for example, a resulting data breach could leave the company vulnerable to stiff fines and lawsuits.

In response, headway is being made. Retail spending on cybersecurity once lagged behind other major sectors, for example banks and healthcare companies. Despite the added expense, retailers are stepping up their investments in new technologies, such as their adoption of chip-and-PIN credit cards, and the result has been a decrease in the rate of credit card fraud.

While retail IT security managers increasingly express confidence in their ability to face down new cyberthreats, they need to invest in a multilayered defense that has worked for other sectors. They also should install a full complement of breach detection technologies including anti-virus software, intrusion detection systems and malware detection.

At the same time, they need to review standing policies and procedures to eliminate weaknesses in their cyberdefenses.

The same goes for patching software vulnerabilities and eliminating out-of-date products that pose security problems.

Companies also need to make cybersecurity foundational and impress upon employees the urgency around good cybersecurity practices.

The bad news is that retail is still viewed as low hanging fruit by cybercriminals. The good news is that it doesn’t take much to send the bad guys home empty-handed.