There are untapped opportunities for retailers to use cybersecurity to drive growth. Together with data protection, it is a major business driver that can significantly improve customer satisfaction and spending.
Many companies have invested significant amounts of money in programs to improve cybersecurity – the protection of enterprise information and intellectual property. But while cyber security is often seen in terms of the cost of mitigation – or the ramifications of a breach – it is also a business driver and can be a source of competitive advantage in the retail sector.
We probed this issue in a global survey of over 6,000 consumers and 200 retail executives, as well as in interviews with experienced cybersecurity executives. The research methodology at the end of this report provides further details.
Our research reveals that customer satisfaction and spending can drastically be improved by cybersecurity and data privacy assurance. Yet, very few retailers are leveraging this opportunity to gain competitive advantage. This report:
Explores how cybersecurity and data protection is a business driver
Assesses retailers’ understanding of consumer expectations for cybersecurity
Quantifies the gains for a retailer with a robust cybersecurity system
Provides recommendation on how retailers can leverage cybersecurity and data privacy to drive value and growth.
Retailers must do more to earn customer trust if they want to survive and thrive in the digital age. Being proactive against DDoS attacks, eliminating ransomware, and a committed compliance to the GDPR are failsafe ways to drive value by leveraging cybersecurity and data privacy.
Up to ten years ago before online retail really took off, retailers would use specific methods to drive value. They would create a safe environment for their customers when they were in the store; they would ensure that their customers’ financial transactions were protected (give them the correct change, protect their checks, etc.); and they would ensure that nobody stole their customers’ goods. Through different retail experiences, customers found the retailers they liked and trusted—and they stuck with them.
Today, technology advancements drive increased convenience for customers. However, with this comes risk and an increased number of ways to intercept or interrupt commercial transactions. Cybersecurity and retail therefore are tightly entwined. Because the retail sector is very sensitive to customer trust, retailers can either thrive or go out of business, depending on whether they are trusted by their customer base. With loyalty card schemes, customers entrust companies even further with personal information and shopping habits that can be leveraged to gain insights into customer behavior. This has increased value in terms of revenue and contribution of loyal customers for the companies. However, there is a flipside: companies must ensure that customer data is safe and not abuse its use.
Having a great social media campaign and slashing prices no longer make the cut. With over three-fourths of customers favoring stores that ensure data privacy, cybersecurity is rapidly taking center stage as a critical determiner of customer loyalty in the retail sector.
Being a retailer is a very stressful job these days. Security must take into account more than just the people who lift products off of shelves and slink out of the store. Today, retailers face a much broader challenge regarding all aspects of security.
As competitors digitize in order to lower costs, digital becomes a veritable battleground. Gaining online customer loyalty means attracting as many people as possible with social media campaigns and always giving them the best deal possible.
Of all the possible types of cyber attacks, retailers are especially exposed to those hunting for PII because it is easy to sell on the black market. Such data could be the source of various fines and legal responsibilities once the GDPR comes into effect on May 25, so cybersecurity in retail must focus in PII data and GDPR compliance.
We have started many projects in areas such as embedding security in the development lifecycle, protecting data in storage and at rest (also for cloud data protection), data masking, and user rights.
40% of consumers are willing to spend up to 20% more online if they are sure their transactions and personal data are safe, so why aren’t retailers doing more to improve their practices and policies? It’s time to see cybersecurity as a business driver and a source of competitive advantage, not just a cost of mitigation.
Many companies have invested significant amounts of money in programs and technologies to improve cybersecurity—the protection of consumer data, (e.g., to be in compliance with the GDPR), the enterprise information, and intellectual property. However, while cybersecurity is often seen in terms of the cost of mitigation—or the ramifications of a breach—it is also a business driver and can be a source of competitive advantage in the retail sector.
How can retailers leverage cybersecurity and data privacy to drive value?
Retailers could increase annual revenue by 5% by investing in cybersecurity measures that makes shoppers trust them more.
How can cybersecurity in retail be an opportunity for retailers?
Strong cybersecurity measures increase customer satisfaction by 13% and 40% of consumers are willing to spend at least 20% more with retailers they trust.
How can cyber threats in the retail sector be countered?
77% of consumers rank cybersecurity as the third most-important factor when selecting retailers, behind product availability and quality but above traditional factors including pricing and brand reputation.
Capgemini probed this issue in a global survey of over 6,000 consumers and 200 retail executives, as well as in interviews with experienced cybersecurity executives.
Retail is a very complex sector from a security perspective, and the GDPR only increases the need for transparent and unambiguous privacy policies. But it’s not enough to make your customer-facing website privacy-friendly. It’s just as important to conduct a careful survey of your entire attack surface and all the potential attack vectors in it.
We’ve recently published an interesting report on cybersecurity and the retail industry which highlights how those retailers who can demonstrate how well they protect the security and privacy of their customers can obtain competitive advantage.
Of course, protecting the security and privacy of (potentially) millions of customers is a non-trivial task, particularly if working in a traditionally competitive and low-margin industry such as retail where the CISO (if the role exists) may have limited budget. There have been many published compromises of customer records in the retail industry resulting from many different kinds of vulnerabilities, from traditional Internet-based hacks such as SQL injection via a poorly implemented website through to the (in)famous Target compromise via their cooling systems provider.