Data breaches are down but retailers still think they’re vulnerable

US retail data breaches have dropped from 22 percent last year to 19 percent this, but 88 percent of retailers still think they’re vulnerable according to a new report.

The latest retail edition data threat report from cyber security specialist Thales e-Security, in conjunction with 451 Research, shows that 52 percent of retailers have suffered a data breach in the past. However, retailers may not be learning from past mistakes, with more than half of the 19 percent that were breached this year having also experienced a breach previously.

"First, the good news. Only 19 percent of US retail respondents reported being breached last year, significantly less than the global average," says Garrett Bekker, principal analyst for information security at 451 Research. "However, breach results were not so rosy for global retail -- a staggering 43 percent of global retail respondents reported a breach in the past year alone, approaching twice the global average. These distressing breach rates serve as stark proof that data on any system can be attacked and compromised. Unfortunately, organizations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches."

The report also finds that while 77 percent of US retail organizations are increasing IT security spending, they're failing to concentrate spending where it will make the most difference. 88 percent of respondents cited network security as 'very' or 'extremely' effective at protecting data from breaches -- even as network security fails to keep out attackers and is unable to protect data that is increasingly stored in the cloud. Spending patterns also indicate a focus on what has worked in the past with the planned spending increases being on network (67 percent) and endpoint (63 percent) protection. Data-at-rest approaches, which have proven to be effective at protecting the data itself, came in second from last (49 percent) in terms of retailer security spending priorities.

"It's encouraging that yearly retail data breach rates have finally started to drop, but rates are still quite high," says Peter Galvin, vice president of strategy at Thales e-Security. "With tremendous sets of detailed customer behavior and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation."

More detail on the findings is available in the full report which can be downloaded from the Thales website.

Photo credit: Khakimullin Aleksandr / Shutterstock