How Data Security Can Drive an AI Revolution in Retail

Artificial intelligence (AI) is transforming the fortunes of companies across the planet. But retailers are in a particularly advantageous position, given the large volume of data they manage—on everything from stock levels to customer transactions. The challenge for these organizations is that cyber risk can imperil digital transformation projects like AI.

Only by securing the data on which AI models are trained can retailers hope to extract maximum business value from this exciting new era. If they fail, there will be plenty of competitors out there ready to take their position.

Changing the game

Retail is booming. In the US, e-commerce sales alone exceeded $1.1 trillion in 2023, a sizeable 7.6% increase on the previous year. But ambitious companies are eyeing an AI prize which could turn billions of dollars of value into trillions, according to McKinsey. Generative AI alone could create up to $390bn in economic value for the sector—the equivalent of a margin increase of 1.2-1.9 percentage points. That’s why mention of AI in retail earnings calls apparently surged in 2023.

What are retail business leaders so excited about? Among other things, AI can:

• Enhance demand forecasting to help optimize inventory levels
• Improve the customer experience through more accurate personalized recommendations, virtual assistants and smart fitting rooms
• Optimize supply chain management by improving delivery routes and supporting predictive maintenance for equipment
• Uplift fraud prevention efforts through anomaly detection and real-time monitoring
• Support dynamic pricing and personalized offers in order to maximize revenue

The AI threat

However, greater digitization also opens the door to new business risks, given the highly regulated and monetizable customer and financial data that retailers store. The sector is already a popular target: 45% of retail organizations said they were hit by ransomware last year, for example. The growing number of cyber-threats facing retailers is also due to the extensive attack surface malicious actors have to aim at—ranging from POS machines and back-end e-commerce infrastructure to customer-facing apps and cloud environments. AI will increase this attack surface even further, potentially enabling attackers to:

• Steal training data and the output of AI models, including:
  • Customer and employee personally identifiable information (PII)
  • Intellectual property and trade secrets
  • Corporate financial information
  • Data on suppliers and partners

• Poison AI training data to sabotage models, manipulate systems and create harmful outputs, leading to:
  • Misleading product recommendations for customers
  • Incorrect demand forecasting that may lead a retailer to waste money overstocking, or be caught short of stock
  • Poor corporate decision making, which damages reputation and stakeholder trust
  • Compliance and legal challenges which damage the bottom line

Future-proofing retail

The challenge for retailers is to mitigate these data security risks in a way that ensures the underlying data can still be used for growth-enhancing AI projects. The answer is a data-centric security approach built on tokenization, which ensures robust data protection without compromising on utility. comforte’s Data Security Platform does this by:

• Discovering and classifying data automatically and continuously
• Protecting that data via tokenization (or other methods) in line with policy
• Only providing access to users according to their role and least privilege principles

comforte is already helping global retailers to mitigate PCI DSS 4.0, GDPR and other regulatory concerns. It can also help to future-proof your organization against AI-related risk as it launches new growth initiatives.