An Investment in IT Security Reinforces and Protects Brand Reputation
Companies spend years of time and thousands, if not millions, of dollars to create a desirable, engaging brand that consumers trust. In addition to this trust, the relationship that retailers forge with their customers creates a strong sense of loyalty that translates into many years of return visits and follow-up sales. However, there’s one thing that can quickly undo a brand’s reputation: an IT security breach in the form of a cyberattack. Just in the past two years alone, leading organizations such as Target, Neiman Marcus, Sally Beauty, Michaels and Home Depot, along with their customers, have been victimized by bold and tenacious “bad actors” that work full time to find weaknesses in the security defenses of retailers.
The Real Cost of IT Security
According to a report from LexisNexis, the "True Cost of Fraud Study," losses due to fraud and cyber theft totaled approximately $11.1 billion in 2013 and continue to grow at an alarming rate. The percentage of revenue lost to fraud and cyber theft increased 70 percent, from .080 percent in 2013 to 1.36 percent in 2014.
As one of the largest “mega breaches” in recent history, Target is a good example of a company that already invested heavily in IT security but fell victim in spite of all of the safeguards it had put in place. According to Target, the company was on track to stronger-than-expected fourth-quarter sales prior to the company’s announcement of the breach (on Dec. 19, 2013), then went on to report an expected decline in sales of 2 percent to 6 percent for the rest of the quarter. In addition, not only did thieves obtain information from roughly 110 million customers’ credit and debit cards during in-store checkouts, but the financial supply chain was also negatively affected to the tune of $30.6 million in new credit and debit cards that credit unions had to reissue to Target customers.
There's much more at stake than just lost revenue, however, as Target executives can attest. The company has spent the last two years — and an undisclosed sum of money — trying to repair the damage to the brand it worked so hard to create. From full-page ads and an online hub that provided detailed information about the breach to a 10 percent discount offer good at all 1,800 Target stores in the U.S. the weekend before Christmas, along with free credit monitoring, Target used various strategies. Whether the company’s response to this devastating event was effective remains to be seen in the years to come, but few will argue that Target hasn’t made the effort to regain customer trust.
While there aren’t any positives related to a devastating breach during the biggest shopping season of the year, the one redeeming factor is that mega cyberattacks like this have driven an increase in “budgets, technologies and tools to prevent, detect and contain the impact of breaches,” according to a report from the Ponemon Institute. The findings state that 61 percent of study respondents said their company’s budget for security increased by an average of 34 percent. Sixty-three percent of respondents say this increase in budget resulted in investments in enabling security technologies to prevent and/or detect breaches.
The study also found that 45 percent of respondents experienced a data breach at their company in the past 24 months. The study questions focused on the one data breach that had the most serious economic impact on their companies. One of the most interesting findings is that even though the breaches weren't in the “mega breach” category, respondents said that loss of reputation, brand value and marketplace image had the biggest impact and was the No. 1 consequence of the data breaches. The second biggest impact was lost time and productivity from dealing with the fallout of the data breach.
An Ounce of Prevention
Most retailers don’t have as much to lose as Target, Neiman Marcus, Home Depot or Michaels, but that doesn’t mean small and midsize retailers shouldn’t do all they can to make sure customer financial data, and their revenues, are securely protected now and well before pre-holiday shopping is underway. Rather than choosing multiple point solutions that must be managed, renewed and updated on a regular basis to be effective, opt for a comprehensive security product suite that provides 360-degree protection.
While no IT security solution offers 100 percent protection against cyberattacks, a multilayered approach that includes anti-virus protection, content/web filtering, application monitoring and data loss prevention forces thieves to break through many “walls” of protection. Although hackers can be relentless, multiple hurdles may be successful in slowing hackers down and potentially thwarting attacks, especially if hackers are looking for easy targets. If a major breach can tarnish one of the most recognizable retail brands in the U.S., it can be even more damaging for retailers trying to establish market share in the highly competitive, and crowded, online retail industry.
Farokh Karani is Director, North American sales and channels, for Quick Heal Technologies, a global provider of IT security solutions.