Why retailers are missing an opportunity to use cybersecurity to drive growth?

Publish date:

Cybersecurity is often seen in terms of the cost of mitigation—or the ramifications of a breach—it is also a business driver and can be a source of competitive advantage in the retail sector.

Many companies have invested significant amounts of money in programs and technologies to improve cybersecurity—the protection of consumer data, (e.g. to be in compliance with GDPR), the enterprise information, and the intellectual property. But while cybersecurity is often seen in terms of the cost of mitigation—or the ramifications of a breach—it is also a business driver and can be a source of competitive advantage in the retail sector.

  • How can retailers leverage cybersecurity and data privacy to drive value?
    • Retailers could increase annual revenue by 5% by investing in cybersecurity measures that makes shoppers trust them more
  • How Cybersecurity in retail can be an opportunity for retailers?
    • Strong cybersecurity measures increase customer satisfaction by 13% and 40% of consumers are willing to spend at least 20% more with retailers they trust
  • How to counter cyber threats in the retail sector?
    • 77% of consumers rank cybersecurity as the third most important factor when selecting retailers, behind product availability and quality but above traditional factors including pricing and brand reputation  

Capgemini probed this issue in a global survey of over 6,000 consumers and 200 retail executives, as well as in interviews with experienced cybersecurity executives. The research methodology at the end of the report provides further details (see link at bottom of this Blog).

The research reveals that customer satisfaction and spending can drastically be improved by cybersecurity and data protection assurance. Yet, very few retailers are leveraging this opportunity to gain competitive advantage. The report:

  • Explores how cybersecurity and data protection is a business driver
  • Assesses retailers’ understanding of consumer expectations for cybersecurity and data privacy
  • Quantifies the gains for a retailer with a robust cybersecurity and data protection system
  • Provides recommendation on how retailers can leverage cybersecurity and data privacy to drive value and growth

Cybersecurity and data protection is a business driver for retailers

Cybersecurity is absolutely a business driver. A good cyber-defense system is an expectation from a customer standpoint and it should be from a business standpoint. A retailer must have the best available protection and security tactics today.”

—Retail executive, US department store

When consumers where asked to rank several criteria according to their importance when choosing a primary retailer (i.e. the one they shop with most). Among criteria such as product quality, product availability, and discounts, they were also asked about four factors related to cybersecurity and data privacy:

  • Safety of in-store devices, such as kiosks
  • Safety of websites and apps
  • Safety of stored personal or financial data
  • Transparency of the usage of stored personal or financial data.

These factors showed as crucial when people are deciding on a retailer. For example, cybersecurity and data privacy outranked attributes such as discounts.

Cybersecurity and a transparent data policy drives customer satisfaction

Capgemini then decided to further test the importance of cybersecurity as a business driver, by measuring a key metric for retailers—customer satisfaction. Consumers were asked to rate how their satisfaction level would change if a retailer implemented a set of cybersecurity and data privacy capabilities.

Capgemini explored which specific cybersecurity and data privacy capabilities might be more important in driving customer satisfaction. The top capabilities tested are:

  • Encryption of stored data (i.e., consumer’s perception of a retailer’s ability to protect their financial and personal information)
  • Prompt for passwords while accessing accounts
  • Transparent data privacy policy (i.e., policies that are easy to find and understand)
  • Control over data retention.

As a result, Encryption of stored data, password prompt, and a transparent data policy have greatest impact on customer satisfaction (see percentage points in details of these capabilities in below figure).

“Cybersecurity can be a business driver for retail as long as the security platform is built considering the present as well as the future needs and the legacy systems of the organization.”

—Tyson Martin, Chief Information Security Officer, the Orvis Company

Consumers will increase their online spending when they trust the Retailers cybersecurity practices and policies

When consumers were asked how much they would increase online spending if a retailer were to take the following trust-building actions:

  • Assure them that their financial and personal information was safe
  • Explain how their personal and financial information was going to be used
  • Assure them that their websites and apps use the most advanced security

Approximately 40% of consumers would be willing to increase their online spend 20% or more if their primary retailer gave them these assurances which built their trust and competitors did not.

At the same time, the report also asked Retailers the same question and they found significant disconnects, including transparency of use of personal and financial data. The report concludes that most retailers do not focus on the cybersecurity and data privacy capabilities that can boost customer satisfaction. It also points out that consumers want more assurances from retailers than they are getting. Retailers appear reluctant to inform their customers of data breaches and few retailers inform their consumers of a breach before the media. In conclusion:

  • Retailers must focus more on the cybersecurity and data privacy capabilities that can drive customer satisfaction
  • Clients of Retailers also demand assurance that their financial and personal information is safe
  • Retailers must promptly notify their clients when a breach occurs as, being notified, builds trust too
  • Lack of notifying clients before it ends up in the Media, as that way of being informed results in the opposite of trust, and, clients are more likely to stop from shopping online at that Retailer

Follow the link  to find details about the report and its references.

For any discussions on GDPR please reach out by leaving a comment in form below and we will contact you shortly.


Related Posts


Empowering our employees to become cyber savvy in the new normal

Date icon October 14, 2021

Celebrating Cybersecurity Awareness Month at Capgemini


Capgemini Named a MSSP Leader in Everest Group Report

Geert van der Linden
Date icon September 6, 2021

Capgemini has continued to make significant investments to ensure its customers are able to...


Cybersecurity: the linchpin of sustainable infrastructure

Geert van der Linden
Date icon July 7, 2021

It’s critical that infrastructure organizations mitigate these risks by placing cybersecurity...