Trillions of dollars’ worth of transactions flow through Western retailers each year. These funds, and the personal and financial information of the shoppers they belong to, make the industry a popular target for threat actors. It’s tempting, therefore, to think of cybersecurity as a necessary investment to mitigate the financial and reputational damage that serious breaches can cause. But the reality is there’s another, arguably more powerful reason to invest in data-centric security: building long-term customer trust.
Research reveals that customers are increasingly hard to please. But among their top demands is that retailers take more care protecting their sensitive information. It’s an opportunity that savvy industry leaders are already looking to grab.
Hitting the bottom line
As storers of cardholder data, retailers have long had to comply with strict industry regulation PCI DSS. It places onerous requirements on IT departments in the sector to ensure this data is protected at all times. Yet, according to Verizon figures, fewer than half of retailers (43%) maintained full compliance last year, while 57% failed interim validation assessments due to the omission of important security controls.
That’s bad news at a time when 77% of retailers experienced a ransomware attack in 2021, up significantly from 2020 figures (44%) and much more than the average across sectors of 66%. Ransomware usually comes alongside data theft these days, which means the potential for highly regulated customer information and/or sensitive IP or trade secrets to be stolen and leaked. Separate data claims that between January and November 2022, 279m records were compromised. Things seem to be worsening. Additional research from last year finds that 45% of retailers believe the volume, severity, and/or scope of cyberattacks increased in the previous 12 months.
Building trust
This kind of news shouldn’t just prompt reactive security spending to protect the bottom line. There’s also an opportunity here to build closer ties with customers. At a time when cyber risk appears to be surging around the world, customers want businesses they can trust. Those who fail to deliver the assurance that personal and financial data is safe risk losing out. This trend is even more acute as:
- Shoppers can switch brands more easily than ever, especially if they’re shopping online
- Social media provides a readymade channel to amplify any grievances they may have about a particular experience or incident. Bad news travels further and faster than before
- Younger shoppers are least trusting. Only 39% of those in the US say they trust brands to keep their data safe, the lowest figure of any generation
Data-centric security can build trust
Security could therefore play a major part in helping retailers to build brand loyalty. In fact, Capgemini data reveals that cybersecurity and data privacy are almost as important a factor as product availability and quality when choosing a retailer. Globally, the study finds that the share of satisfied customers increases from 9% to 22% if consumers know their primary retailer has implemented a set of security best practices. The biggest increase comes from implementing encryption of stored data (15%).
Applying strong data protection mechanisms like encryption and tokenization to customer information would therefore seem like a great place to start in the battle to win consumer hearts and minds. But any system that is used used should be able to automatically and continuously discover and classify that data, wherever it resides or is moved to.
Doing so could build the kind of trust that many brands dream of—with a positive financial and reputational impact to match. Some 88% of customers who trust a retailer will buy from them again. And trusted companies are said to outperform their peers by up to 400% in market value, according to Deloitte. It’s time to prioritize data-centric security as a loyalty and brand builder.
