Survey: Retailer confidence in systems security may be misplaced

Retailers’ belief in their ability to detect and prevent data breaches is not supported by underlying data.

According to a new study from the Cornell University Center for Hospitality Research and e-commerce platform FreedomPay, almost all surveyed retail, restaurant and hospitality executives are confident in their companies’ internal risk assessment processes (96%), as well as in the security of their systems (95%).

However, nearly one-third of surveyed companies (31%) have experienced a data breach in their corporate history. Of respondents that have been breached, 89% have been hit more than once in a year, and 69% of retail businesses have been breached upwards of three times in a year.

When asked to cite their largest security concerns, respondents’ leading issues included payment integrity (59%), malware (58%), and risk management (57%).

Almost three-quarters (74%) of respondents use more than one cybersecurity system, with more than half (56%) having many cybersecurity systems in many locations. Overall, respondents are split on whether systems are governed by a single department (51%) or multiple departments (49%).

The study also found that 91% of respondents believe their customers deeply care about cybersecurity while 86% believe it increases customer loyalty. Yet, about two-thirds (65%) of respondents believe that customers are annoyed by extra security measures, and 67% say customers want systems to be easy to use.

[Read more: Survey: Customers will abandon a poor login experience]

Budgetary concerns may also play a factor in determining any potential system enhancements –the few respondents (15%) that currently do not have plans to enhance their system are most likely to cite preventative costs (61%) and an unwillingness to have a disruption in service (52%) as reasons for this reluctance.

Other notable findings include: 

• More than one-third (35%) of respondents do not know how much of their company’s budget is spent on cybersecurity.

• Nearly all (96%) respondents say they value the importance of security systems to protect their data, and 85% agree that their customers would be more satisfied if they had extra security measures in place. Yet, half (50%) have either not increased their IT security budget or decreased their budget since 2019.
• More than four-fifths (83%) of respondents who use a third party to manage and secure information say this option is “more cost-effective” for their business, while roughly half (51%) of respondents who do not use a third-party supplier cite it as being “more costly” than their current process.
• Almost all respondents (91%) are very or extremely confident that their company adequately trains end users, relying on conferences and seminars (71%) to keep them trained and engaged.
• A majority of respondents (87%) say they would welcome involvement from the U.S. government to fight cybersecurity threats as well as enhance policy (84%).

Click here to download the report.

“Especially over the past two years, cybersecurity has been top of mind for businesses as we navigate a highly complex e-commerce network,” said Chris Kronenthal, president of FreedomPay. “Retailers and hospitality businesses increasingly view their payments systems as more than transaction processing – they are important sources of data and customer insights. Retailers and consumers alike need the assurance that this data is being protected and managed properly.”

"These findings provide a baseline understanding of how key decision-makers are handling cybersecurity issues and offer key insights for optimizing and fortifying systems as we continue down this path of accelerated digital transformation," said Professor Linda Canina, the Dr. Michael Dang director of the Center for Hospitality Research at the Cornell Peter and Stephanie Nolan School of Hotel Administration.

The survey was conducted by Hanover Research and included 300 respondents for small, medium, and large-size enterprises across hospitality, retail, and food & beverage spaces.