1. News
March 6, 2018

Retail businesses struggle to keep customer data secure

As the General Data Protection Regulation (GDPR) comes into force on 25 May, keeping data secure remains a top priority for retail businesses, with an increased urgency to improve the way data is manages and secured.

By Pamela Kokoszka

As the General Data Protection Regulation (GDPR) comes into force on 25 May, keeping data secure remains a top priority for retail businesses, with an increased urgency to improve the way data is manages and secured.

Despite the impending deadline, the rapidly evolving threat landscape and growing struggle to encourage consumer spending, new research from managed services provider Claranet has found that many companies are still not managing their data as well as they could.

Claranet’s ‘Beyond Digital Transformation’ research by surveyed 750 IT decision makers and identified that security is an area that many are struggling with.

Over half of the respondents (69%) said that they were not able to secure data effectively, with 45% encountering challenges around securing customer details when trying to improve the digital user experience for customers. Claranet says this shows a lack of capability when it comes to managing security in a reliable manner.

The research also found that IT teams are struggling to acquire the skills and expertise that are necessary in addressing this disparity. Information security was identified as a biggest challenge for 37% of respondents, and 41% stated that their security procedures and requirements hold back their ability to innovate.

Claranet UK managing director Michel Robert said: “There can be little doubt that data security is one of the most pressing issues facing retail businesses today and that sound security practices are the foundation upon which a positive customer experience is built, but our research confirms this is an area in which most retailers are failing.”

Content from our partners
Advanced analytics and predicting market trends in FMCG
How smart predictive analytics is shaping product development
Data analysis in the brave new world

He added: “The GDPR is on our doorstep, but it is clear that many have their work cut out if they are to comply with the regulation. Thinking more broadly, the fact that almost seven in ten organisations can’t guarantee the security of their customer data is particularly concerning.”

According to Robert, part of the problem arises from the lack of skills, expertise or the time to keep up with the changing landscape amongst internal IT teams.

Barriers to embracing new technology and new ways of working were identified as skills shortages (34%), lack of time (29%), lack of senior management support (28%) and lack of resource (28%).

The survey found that IT departments’ top priorities are improving security (43%), application performance and reliability (34%), reducing expenditure (30%), enabling business agility (29%) and improving application development (27%).

Robert said: “Our research has shown that organisations are very much aware of this problem, but also that they are still some way away from solving it. Retailers will need to stay alert to changes to legislation and the nature of prevailing threats, compliance and legislation as more and more data is stored and analysed, but security can slide down the list of priorities, jostling with ‘keeping the lights on’ maintenance activities and innovation.”

Businesses plan to increase their investments in IT in order to address these shortcomings. The survey found that 56% of retail businesses are expecting to increase their IT budget across the entire organisation by at least 5% next year. Only 13% of the surveyed retail businesses are set to prioritise improving their security.

Robert continued: “It’s encouraging that businesses are planning to invest more heavily in their IT capabilities, but security should occupy a much higher place in the agenda in this area, especially given the fact that customer transactions and cardholder data held by retailers will be particular targets for cyber attackers.”

Robert believes that it’s important for businesses to recognise that much still needs to be done in terms of increasing cybersecurity capabilities to ensure GDPR readiness.

He said: “Businesses are aware of the challenges they face, but the current level of available expertise can hold back initiatives. By working with expert third parties, retailers can rapidly gain an extra layer of cybersecurity expertise, identify vulnerabilities and define priorities for improvement.”