Cyber-attacks from malware, botnet to other attack vectors. Retail cyber executives reported the most breaches in the past 24 months
Cyber-attacks damage customer loyalty. Consumers are wary of the increased frequency of cyber-attacks against retailers, and many are ready to walk away from their favorite retailers if a breach occurs. In fact, according to the 2016 KPMG Consumer Loss Barometer, in surveying 448 consumers, KPMG found that 19% said they would stop shopping at a retailer that had been a victim of a cybersecurity hack, even if the company took the necessary steps to remediate the issue.
In addition to those who would abandon the retailer entirely, 33% of the consumers indicated that fears of further exposure of their personal information would prevent them from shopping at a breached retailer for at least three months. When asked which factors most likely contribute to a customer not returning – or delaying a return – to the store, consumers surveyed cited a lack of a solid plan to prevent further attacks as a top factor.
KPMG also conducted a survey of 100 retail senior cybersecurity executives (CIOs, CISOs, CSOs and CTOs). Despite consumer concerns, the survey highlights that cyber-attacks are not as top of mind with retail executives as it should be. 8 In 10 Cyber Security Execs admit their companies have been breached in the past two years. 55% say that they haven’t invested capital funds in cybersecurity protection in the past 12 months. 42% state that their company does not have a leader who is responsible for information security. Consumers are clearly demanding that their information be protected Retailers that don’t make cyber security a strategic imperative are making a mistake.
Other key findings suggest that cyber-attacks have already damaged consumer perceptions about the security of their personal information in ways that could hamper retailers’ ability to deliver personalization by leveraging shopper data.
- 52% of the consumers surveyed say they are not comfortable with shopper personalization, citing a desire to not have personal shopping habits and information be collected.
- 40% of consumers would not feel comfortable using a mobile pay app that had recently been hacked.
Cyber security remains a critical business challenge and a growing concern with a potentially devastating impact on company brands and bottom lines. Despite these damaging ramifications, many cybersecurity executives indicate that information protection may not be the strategic corporate imperative that it should be, according to a newly released report, the “Consumer Loss Barometer” by KPMG LLP, the audit, tax and advisory firm.
To view the report and videos, visit www.kpmg.com/us/consumerlossbarometer
“Cyber-attacks are affecting nearly every single company we encounter, but we’re not seeing those attacks drive enough proactive business action as evidenced by the rate of investment made in information security,” said Greg Bell, KPMG Cyber US Leader. “We’re still seeing companies taking a passive or reactive approach toward cybersecurity, when in fact cyber should be a top-line business issue thought about and practiced company-wide.”
“There is a cyber-awareness maturity curve for industries that have been providing Internet-enabled products and services for longer periods of time, versus relatively new products like personalized shopping and connected cars,” said Bell. “Hackers go after the weakest systems, not often the most traditionally lucrative like banks. However, as products evolve to use more connectivity and data, companies can’t afford to get this wrong and let the maturity model hold them back.”
Security executives acknowledged the ramifications of a breach citing reputation (53%), financial loss (50%) and job security (49%) as the top concerns associated with falling victim to cyber-attacks.