Retailers aren't spending on the right areas of data protection

The retail sector has been the subject of some of the most high profile data breaches in recent years. Add to this the willingness of customers to switch allegiance in the event of a breach and it's clear the industry needs to take security seriously.

A new survey from enterprise data protection specialist Vormetric in conjunction with 451 Research focuses on retail companies, detailing IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.

Among the findings are that 89 per cent of IT executives feel vulnerable to data threats and 51 per cent have already experienced a data breach, with more than one in five (21 per cent) indicating a breach in the last year.

Retailers are making efforts to protect their systems, though the findings show their efforts may not be directed in the right place. Spending to protect data is increasing fastest in areas that have been shown to be ineffective at guarding against multi-stage attacks. Network defenses (65 per cent) and endpoint and mobile device defenses (58 per cent) see the highest increase in spending, while approaches like data-at-rest defenses, that have been proven to be effective at protecting data after perimeter defenses have been bypassed, are at the bottom (48 per cent). One bit of good news is that 44 per cent are increasing spending on data-at-rest defenses this year.

At 55 per cent, protecting reputation and brand was the top IT security spending priority, followed closely by meeting compliance requirements at 49 per cent. Preventing data breaches was the lowest priority, named by only 31 per cent. Complexity at 61 per cent is identified as the top barrier to adoption of better data security.

"With frequent, high profile data breaches occurring, it seems a complete miss that preventing them is at the bottom of a retailer's IT security spending priority list," says Tina Stewart, vice president of marketing for Vormetric. "Surprisingly, they are also failing to connect the dots about the best solutions to use.

"With tremendous sets of detailed customer behaviour and personal information in their custody, and with retailers a prime target for hackers, we'd expect to see more investments in data security, than in less than fully effective tools like network and anti-virus security".

Image credit: Norebbo/Shutterstock