CSA Exclusive: Retailers’ biggest cybersecurity concerns are…

A new survey sheds light on what aspects of cybersecurity are keeping C-level retail executives up at night.

According to a recent survey of IT decision-makers sponsored by Rackspace Technologies and Microsoft and exclusively released to Chain Store Age, cybersecurity is the top concern for retail respondents (60%). This was followed by inflation/interest rates (51%), supply chain/logistics (47%), sustainability (45%) and hiring/retaining talent (36%).

The top potential risks of having their cybersecurity defenses breached cited by retail respondents included  operational downtime  (60%) damage to brand reputation (56%), loss of intellectual property and data (53), legal consequence (45%), and revenue loss (42%)

AI plays major role in retailer cybersecurity strategies

Retail respondents indicated that artificial intelligence (AI) is playing an increasingly critical role in driving their cybersecurity posture and investment.

Close to six in 10 (58%) retail respondents said AI has increased the need for cybersecurity. In addition, 78% of retail respondents said they have a formal policy on AI governance and security. Of those respondents:

• Main concerns that led to these policies are data privacy (56%) and compliance and legal considerations (54%).
• The level of employee awareness and understanding among of AI governance and security policy is 40% fair vs. 42% great.
• The degree to which these policies address data classification and security concerns – implementing stricter security measure on data storage and access (50%), minimizing exposure of sensitive data (49%), setting data classification frameworks and guidelines (46%).
• Eighty-four percent of retail respondents leverage AI in data security and 82% in security incident detection and response.

Cybersecurity budgeting

The survey also examined retail respondents plans for and attitudes toward cybersecurity budgeting:

• More than half (54%) of retail respondents have increased their cybersecurity budget over the past year, with 93% of those having increased their cybersecurity budget up to 20%.
• Two in three (65%) retail respondents have dedicated 9% to 20% of their total IT budget to cybersecurity.
• The biggest areas of cybersecurity investment are cloud native security (57%), data security (55%) and application security (50%). This focus on cloud native security aligns with where retail respondents perceive their biggest threat vector: cloud architecture attacks (64%).

 C-suite engagement

Almost two in three (64%) retail respondents said the level of concern for cybersecurity has increased in their C-suite over past 12 months, and 70% said the C-suite is making more of an investment in cybersecurity.

Cybersecurity talent issues 

Retailer respondents generally said they are not hiring more cyber talent. Only 54% have 21-40 dedicated cybersecurity employees on staff now, compared to 59% who did 12 months ago. Top challenges include staff being poached/turnover (51%), training and development programs not meeting employee needs (51%), and high demand/low supply of talent (41%). 

To address cybersecurity talent shortages, retail respondents are taking actions such as creating a good work environment (work/life balance, rewards, supportive management - 55%), offering more opportunities for professional development (41%), and using a strong brand to attract prospects (41%).

In addition, about two in three (65%) retail respondents said better collaboration between the security team and c-suite has reduced the cyber skills gap.

Commissioned by Rackspace Technology and Microsoft, the survey was conducted by Coleman Parkers Research during July and August 2023, based on the responses of 1,420 IT decision-makers across manufacturing, digital native/technology, financial services, retail, government/public sector, and healthcare sectors in the Americas, Europe, Asia and the Middle East.

[Read more: Verizon: Hackers put retail payment card data at risk]