New research by password manager NordPass finds that businesses operating in the retail field have leaked consumers’ data more than most other industries.
Since late 2019, almost 730 retail companies globally have reportedly suffered data leaks during which various consumer data (e.g., email addresses, passwords, and usernames) was leaked.
This places the retail industry in third position among sectors with most client data leaks, behind entertainment and technology companies.
The study utilised independent third-party researchers to investigate which companies in the retail and other industries in terms of their size, type (i.e., private, non-profit), and origin are failing to secure consumers’ data the most.
In which countries are retailers most vulnerable to data leaks?
Of retail companies worldwide that are responsible for exposing clients’ data to hackers, over a fifth are based in the US.
With US companies leading the list, Brazil and France follow with around 80 and 70 businesses respectively.
What kinds of companies are targeted the most?
Private businesses in the retail field were of most interest to hackers. Based on the study, they make up almost a half of organizations that had their clients’ data stolen.
Less so, cybercriminals have also targeted public companies (7%), solopreneur businesses (6%), and other types of organisations.
Researchers have also concluded that smaller companies are more likely to experience a breach and lose clients’ data as a result. In the retail industry, companies with up to 50 employees had their clients’ data compromised the most. A recent study confirmed that retailers are failing to train their staff in cybersecurity.
How can retailers protect themselves against data leaks?
GlobalData’s research on cybersecurity in the retail industry finds that ICT vendors need to consider retail-specific security challenges. This is because retailers’ IT infrastructure differs from other verticals in the form of retail-specific hardware and software usage. These include PoS, beacons, eCommerce and supply chain management systems.
Additionally, data flows from external sources need to be considered. Retailers share large data volumes with customers, suppliers and partners, which increases their vulnerability since any connected systems used by third parties provide a route into retailers’ networks.
Insider threats also form a major risk and require strong governance and access monitoring. Access to systems and data needs to be restricted to staff that relies on them for their work, with any actions tracked.