Few things can send a retail company into disarray like a data security breach. When sensitive data or customer information is compromised, the entire company becomes vulnerable. Its assets can be stolen, its trade secrets and proprietary data can be exposed, and its customers and employees can themselves become vulnerable to attack.
These kinds of cyberattacks happen more often than you might expect. Retail giants like Target, Staples and Home Depot, as well as ecommerce sites like eBay, have all been victims of breaches that resulted in millions of compromised records.
IBM recently sponsored a study examining the cost of data breach incidents for companies in the United States and found that the total average cost that organizations paid increased from $6.5 million to $7 million from 2014 to 2015. The average cost for each lost or stolen record containing sensitive and confidential information increased from $217 to $221.
Data breaches wreak havoc
Logistically, a data security breach sets off a scramble inside the company that can last for days, weeks or even months as security engineers, developers, and executives rush to find and seal the breach. It takes a serious toll on worker morale throughout the organization. Fixing the problem often requires long hours, causing burnout among some of the retailer’s most important employees, and if the breach was serious enough that a manager or executive is fired, the people working in his or her division are suddenly fearful of reorganization and layoffs. Even after the breach is initially fixed, the repercussions can last a long time.
Financially, a data security breach can cost a retailer millions of dollars, as the IBM report illustrates. Part of that is operational expenses — overtime pay for employees working late nights and weekends, retainers for expensive third-party services and, often, legal fees if other parties claim damages (and they often do). The opportunity cost can also be staggering. If sales — either in a store or online — have to slow down or stop for a time, that equates to lots of lost revenue, which can send profit margins plummeting deep into negative.
Publicly, the company is suddenly thrust in the news for all the wrong reasons, which can spell doom for a retail brand especially. Word spreads quickly, and as the news — of compromised shopping data, credit card information, or anything else — reaches consumers, they lose confidence and decide to shop elsewhere. It’s a huge hit to the bottom line, and many companies never fully recover.
The Root Causes of Data Breach
Malicious or criminal attacks are the primary cause of data breach. According to IBM’s study, 50% of incidents involved a malicious or criminal attack, 23%had to do with human error by employees and 27 percent involved system glitches.
One of the most sobering statistics is the average time that it takes organizations to identify that they have a data security breach — 191 days, according to the IBM study. The average time to contain the breach is 58 days. All in all, that’s eight months of data compromise that can lead to catastrophic profit loss.
The Best Way to Minimize the Cost of a Breach
The best way to minimize the cost of a data security breach is, of course, to not have one in the first place. And so investing in infrastructure that keeps data safe and secure — especially on highly trafficked e-commerce platforms — is essential to surviving in the 21st century retail landscape.
The task of securing data can seem daunting at the outset, but the good news is that you don’t have to go it alone. A digital consultancy, for example, can help you to navigate security risks inherent to conducting online transactions.
Here’s a sample of some of the initiatives that your IT staff and hired consultants may want to consider:
- Improve data governance programs
- Put together incident response plans
- Appoint a chief information security officer
- Implement employee training and awareness programs
- Encrypt data against unauthorized reading
- Backup all data
- Create alerts for whenever a sensitive operation takes place, legitimately or maliciously triggered
In the end, it’s a huge investment, but the cost savings (and competitive advantage for your retail brand) in the long run will more than justify the effort and resources.