When we saw 97% on a grade school test, it meant we did well. For America’s top retailers, that number signals trouble. A new report by cybersecurity firm SecurityScorecard reveals that 97% of the top 100 U.S. retailers experienced third-party data breaches in the past year.
You could peg this to the coming holiday shopping season, but the truth is it’s a year-round problem. Regardless of news hooks, the study highlights significant vulnerabilities in the retail sector. Retail chains handle extraordinary amounts of customer data, including payment details and personal information. That data is valuable, and criminals go where the value is. Cybercriminals are no different: they seek to exploit it for identity theft and financial fraud.
SecurityScorecard found that only 12 retailers were directly breached. However, nearly all faced breaches through third-party vendors.
Key Findings:
- 97% of retailers experienced third-party breaches, even though only 4% of vendors were compromised.
- 97% also suffered fourth-party breaches stemming from just 2% of vendors.
- All of the top 20 U.S. retailers faced a third-party breach.
- Only 22% of retailers received an A security rating. Those with a B rating were 2.9 times more likely to suffer data breaches.
Ryan Sherstobitoff, Senior Vice President at SecurityScorecard, summed it up this way: “In the hustle to keep up with holiday sales, retailers must not let their guard down. Cybercriminals are lurking, ready to exploit any distraction. A single data breach could devastate a company’s bottom line and irreparably damage consumer trust.”
SecurityScorecard recommendations to avoid retail data breaches:
- Continuously monitor external attack surfaces. Implement automated scanning to detect cybersecurity risks across vendor and partner environments.
- Identify single points of failure. Map critical business processes and technologies to find vulnerabilities. Create a watch list of key vendors.
- Automatically detect new vendors. Monitor vendors’ IT deployments to identify and resolve hidden supply chain risks.
- Scrutinize external technology supporting e-commerce websites. Third-party products are common avenues for attackers to collect payment information.
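One way to build the vendor watch list from the "single points of failure" recommendation, as an added example that is not part of the SecurityScorecard report: it ranks vendors by the share of retailers that depend on them directly (third party) or through another vendor (fourth party). All retailer and vendor names, the sample mappings and the 0.5 threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the report): retailer -> direct (third-party) vendors
RETAILER_VENDORS = {
    "retailer-a": {"pay-gw", "email-saas"},
    "retailer-b": {"pay-gw", "analytics"},
    "retailer-c": {"loyalty-app", "analytics"},
    "retailer-d": {"email-saas"},
}
# Constructed: vendor -> its own vendors (fourth parties from the retailer's view)
VENDOR_VENDORS = {
    "pay-gw": {"cloud-host"},
    "email-saas": {"cloud-host"},
    "analytics": {"cdn"},
    "loyalty-app": {"cloud-host", "cdn"},
}

def exposure(retailer_vendors, vendor_vendors):
    """Map each vendor to {'third': retailers using it directly,
    'fourth': retailers reaching it only through another vendor (any depth)}."""
    out = defaultdict(lambda: {"third": set(), "fourth": set()})
    for retailer, direct in retailer_vendors.items():
        for v in direct:
            out[v]["third"].add(retailer)
        # Walk the vendor graph transitively; 'seen' guards against cycles.
        seen, stack = set(direct), list(direct)
        while stack:
            for sub in vendor_vendors.get(stack.pop(), ()):
                if sub not in seen:
                    seen.add(sub)
                    stack.append(sub)
                    out[sub]["fourth"].add(retailer)
    return out

def watch_list(retailer_vendors, vendor_vendors, threshold=0.5):
    """Vendors whose compromise would reach >= threshold of retailers, highest first."""
    total = len(retailer_vendors)
    rows = []
    for vendor, e in exposure(retailer_vendors, vendor_vendors).items():
        share = len(e["third"] | e["fourth"]) / total
        if share >= threshold:
            rows.append((vendor, round(share, 2), len(e["third"]), len(e["fourth"])))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for row in watch_list(RETAILER_VENDORS, VENDOR_VENDORS):
        print(row)  # (vendor, share of retailers, direct count, indirect count)
```

In the constructed data, the vendor that tops the list has no direct contract with any retailer, which is the fourth-party pattern the key findings describe.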
Summing it up, almost all of the retailers studied suffered a data breach. That’s bad. Protecting customers is crucial for maintaining consumer trust, whether that means safeguarding their data or ensuring the escalator is in good working order. This is the trust any good business is, or should be, built on.
For the report, researchers analyzed the top 100 U.S. retailers based on 2023 worldwide retail sales. They assessed over 14,000 domains, including third- and fourth-party vendors. SecurityScorecard gathers non-intrusive data on companies’ cybersecurity performance worldwide and calculates an overall score, graded A through F, based on ten factors predictive of security breaches.
Source: SecurityScorecard Threat Intel Report: 97% of Top U.S. Retailers Experienced a Third-Party Breach.