As digital commerce and personalization at scale strategies continue to accelerate in the retail industry, cybersecurity is an emerging capability to leverage to keep consumers’ personal information safe and secure. There is a greater emphasis on cybersecurity preventative strategies, as the evolving commerce model is empowered by the rich consumer data and insights that enable personalized experiences and offers. Personalization is the holy grail in the retail industry, as it empowers compelling offers, value, and rich customer engagement to help build a community of loyal consumers.
Personalized experiences at scale empower retailers to establish stronger connections with their customers, helping to increase sales by 1 to 2 percent, build brand loyalty, and ultimately enhance customer lifetime value. Additionally, personalization strategies have contributed to 20 percent higher customer satisfaction rates, a 10 to 15 percent boost in sales conversion rates, and an increase in overall employee engagement of 20 to 30 percent. Personalization strategies have evolved across channels as consumers seamlessly navigate physical, digital, social, and live-streaming platforms to shop with their favorite brands and retailers.
Customer-first commerce operating models require resilient and scalable strategies as third-party cookies are phased out and the industry shifts towards relying more on first-party data. Publicis Sapient conducted a research program among more than 6,700 consumers globally to understand their opinions on customer data and why, how, and when they are willing to share their personal data with organizations. The key is to establish a relationship of trust and transparency, as consumers worldwide have concerns about what data they share and how companies leverage it.
These concerns include:
- Being completely transparent about the data you leverage: Detail to customers how you plan to use their data and explain the benefits they will receive for sharing their personal information
- Offer flexibility and freedom: Enable customers to opt out of data sharing anytime and for any reason
- Consistently follow the rules: Demonstrate to customers that your organization is compliant with the latest data privacy laws and regulations
With the personalization imperative, the significance of data security grows more valuable every day to retailers’ business models. Along with the significant increase in the use of consumer data have come rising security, compliance, and privacy risks. Cyber-resilient retailers are balancing investments in data protection, compliance, and recovery capabilities as consumers continue shopping across channels and seamlessly leverage various payment options. Safe payment options and secure shopping experiences are critical to gaining and retaining consumers’ trust and confidence.
The Rise of Retail Theft and the Imperative to Improve Cybersecurity
The 2023 World Economic Forum’s (WEF) Global Risks Report, published in January, positions cybersecurity in the current and future top 10 global risks. Cybercrime costs are projected to hit an astounding annual $10.5 trillion by 2025, according to Cybersecurity Ventures. Gartner analysts predict that a digital supply chain attack will impact 45% of global organizations during the next two years.
The increasing threat of in-store retail theft cost the retail industry $112.1 billion in losses last year, a 19% increase over 2021 levels, according to a new study by the National Retail Federation. Retail Pharmacy operations responded quickly by putting those items behind glass, only to find that what was intended as a theft-prevention measure has turned into a sales-prevention one. An executive for a firm that supplies anti-theft devices to Walgreens said locked cases can result in a 15% to 25% loss in sales. Fundamentally, there is a loss of psychological safety and security, and it also raises concerns with customers that shopping there may be a dangerous experience.
In addition to the in-store retail theft challenges, retail has become the number one target for cybercriminals. The retail industry is experiencing more breaches than any other industry in the United States. Considering the confidential payment information companies can access, 24 percent of all cyberattacks are against retailers. Retailers’ lack of sophisticated security measures frequently exposes their operations to potential cybercriminals. This is not just impacting larger retailers, as independent retailers retain significant credit card or bank details in their digital files.
Several contributing factors have led to the increase in cybercrimes around consumer personal data and payment information:
- Access to personal information: Retailers have access to the personal identifying information of customers, and getting past a company’s defenses is a significant goal for a hacker
- Common Cybersecurity Infrastructure: There may be common cybersecurity infrastructure across similar retailers, which may leave them exposed to an attack
- Social Engineering Strategies: This involves “bad actors” leveraging mind games to potentially go against security standards, which are often not prominent on the radar of many retailers. Cybercrime attacks such as advanced persistent threats (APTs) and ransomware usually start with phishing attempts.
The Impacts of Retail Theft on Customers and Employees
The real threat of cyber-attacks is that they undermine consumers’ trust and confidence and impact the retailers’ brand equity, where 87 percent of consumers would prefer to move their business elsewhere if they believe that their data was not handled responsibly. Consistency breeds trust and confidence with customers, especially concerning their personal data. A lack of adequate and scalable cybersecurity capabilities will significantly impact protecting consumers and retaining their business. Gaining and maintaining consumer trust and confidence must be a top priority for retail organizations as we head into 2024.
Insider cybersecurity threats in retail are also increasing. At the retail store level, companies are experiencing high turnover, where the average retailer has many touchpoints points of insider vulnerability, including seasonal and traditional employees. Retailers also outsource some of their critical business processes to third-party solution providers. Driven by malicious intent and financial motivations, retail insiders often compromise sensitive data with external hackers or possess it in their own devices to demand ransom.
Cybercriminals in the retail industry are very adaptive at increasing their anonymity and overall effectiveness. As personal devices are leveraged in the retail space, human-operated ransomware attacks on small and medium businesses are growing. Many ransomware attacks attempt to compromise or gain access to unmanaged or bring-your-own devices because they typically have fewer security controls and defenses. Nearly 80-90% of cybersecurity compromises originate with unmanaged associate devices. Today’s Retailers must mitigate potential threats and protect themselves and their customers from harm.[i]
Preventative Measures Retailers Can Leverage to Help Mitigate Cyber Events
The rise of retail cybersecurity breaches is a very concerning development. According to Verizon’s 2022 Data Breach Investigations Report, the retail industry experienced 629 incidents in 2022, of which 241 were confirmed data cybersecurity breaches. The main motive for these incidents was to steal customer data for financial gain. Building cyber resilience is critical for a seamless customer experience and safe retail payment experience. The proliferation of touchless commerce, online payments, and in-store retail payments requires establishing a resilient and scalable infrastructure model to mitigate and protect retailers and consumers.
Retailers have defined opportunities for business growth and innovation through digital transformation initiatives. With the rise of digital commerce and all the complexities of running a multichannel business, retailers face new and more threatening challenges, and cybersecurity must evolve as fast as, and accelerate more than, the technology we depend on. Companies must continually adapt their approaches to evolving cybersecurity threats, like ransomware attacks, data breaches, and social engineering schemes. To maintain defenses and stay ahead of attackers, retailers of all sizes need a cybersecurity strategy and the latest tools to detect, respond quickly, and mitigate threats.
Microsoft’s proven cybersecurity capabilities and infrastructure solutions have proven to protect against 99 percent of attacks by following the following five-step methodology:
- Enable multifactor authentication (MFA)
- Apply Zero-trust principles
- Leverage extended detection and response (XDR) and anti-malware
- Ensure your systems and solutions are on the latest version
- Protect data with the proper defenses
Retailers can now deploy next-generation security incident event management (SIEM) that uses machine learning and AI. SecOps centers can automate detection and connect related alerts by combining global threat intelligence with AI capabilities. This helps identify incidents, reduce alert fatigue, and decrease the time needed to detect and respond. These solutions also deliver a lower total cost of ownership because they reduce time-intensive manual processes previously required to triage, investigate, and remediate threats.
Against an increasingly complex cyber ecosystem, AI can change the security landscape by augmenting defenders’ skills, speed, and knowledge. With modern AI advancements analyzing trillions of security signals daily, Microsoft provides the capabilities to build a safer, more resilient commerce ecosystem. AI can help by automating and augmenting many aspects of cybersecurity, such as threat detection, response, analysis, and prediction. AI can also enable new capabilities and opportunities, such as using Large Language models (LLMs) to generate natural language insights and recommendations from complex data.
Balancing the Criticality of Cybersecurity and Retail Personalization
Technology will continue to be an intrinsic part of our daily lives, and there are inherent risks that come with our dependence on digital connectivity. Consider that there will be almost twice as many connected devices, 15 billion, in the world this year compared to the world population, which is nearing 8 billion. As our society depends on technology for how we shop, work, engage, learn, and entertain, there are limitless ways that cyber events could occur across the millions of fragmented digital touchpoints.
Considering how dependent we are on digital capabilities, technology, networks, and complex technical infrastructure, it is devastating when the systems do not function. In an increasingly digital-first world, businesses, especially the retail industry, must prioritize cybersecurity as one of the top initiatives going into 2024. It will be critical to extend cybersecurity strategic planning beyond the four walls of an organization and across the whole value chain and every single consumer and associate touchpoint.
As retailers formulate their personalization strategies, an equally critical cyber security resilience transformation must be prioritized. Microsoft has proven to be an industry leader and strategic partner in providing retailers with comprehensive, scalable, and secure cybersecurity solutions with the emergence of digital commerce. As commerce and personalization strategies evolve, cybersecurity is paramount to providing safe and secure outstanding customer experiences as customers seamlessly navigate shopping channels to discover new products.
Connect with Brandon Rael on LinkedIn.