
New BDO cybersecurity report finds retail industry noncompliant with global payment card data security standard

24 May 2019

Brussels, 20 May 2019 - The global retail industry’s investments in cybersecurity are largely insufficient, according to the 1st quarter Cyber Threat Insights by BDO’s International Cybersecurity Advisory Services. As a result, the average cost of a cyber data breach in the retail industry continues to climb every year, as does the average cost of cyber liability insurance coverage.

According to BDO, a case in point is that, on the 15th anniversary of the Payment Card Industry’s (PCI) Data Security Standard (DSS), many retailers are still not PCI-compliant. Created in 2004, the standard’s objective was to increase security controls around credit card information and fraud incidents.

Among industries worldwide, retail ranks lowest on supply chain security, correct firewall usage, protection against malicious software, the development and maintenance of secure systems, access authentication and the testing of security systems and processes.

BDO points out that, while credit card numbers are considered a highly lucrative reward of a successful cyber-attack because financial information can be re-sold quickly on the black market, consumers are affected in other ways than just by the misuse of financial information, including:

  • Increasing prices of products or services
  • The compromise of personally identifiable information and identity theft
  • Theft or loss of products once purchased
  • The loss of value of stock or other investments made in the retail industry

More companies are facing major lawsuits from their own shareholders, consumer protection groups and federal and/or state government agencies for their negligence in providing an adequate information security programme for their organisation. This results in significant financial losses and negative impacts on brand and reputation.

Gregory Garrett, Head of BDO’s International Cybersecurity Advisory Services, comments: “Cybersecurity serves as the backbone to digital transformation. When an organisation overhauls its IT infrastructure, its security risks undergo an overhaul too. It is an opportunity to take a fresh look at how data is accessed and used - old vulnerabilities may be mitigated or even eliminated, but new ones are introduced. Cybersecurity can be an innovation catalyst and retailers need to schedule innovation in tandem with cybersecurity.”
