Retail Execs May be Fooling Themselves about Data Security

Oct. 17, 2012
Despite tight budgets stalling retail and consumer (R&C) executives from updating security programs, many remain confident in their business practices, according to findings from PwC’s new report, “R&C Insights: Changing the game.”

Despite tight budgets stalling retail and consumer (R&C) executives from updating security programs, many remain confident in their business practices, according to findings from PwC’s new report, “R&C Insights: Changing the game.” The report surveyed more than 1,100 senior R&C industry executives and found that regardless of this lag in technological advances, adversaries are becoming ever more sophisticated, breaching the defenses of business ecosystems.

Sixty-nine percent of respondents said they are confident their company’s security activities are effective; however, according to PwC, in 2008, 83 percent of respondents expressed confidence in their security program. PwC suggests that executives adopt a new way of thinking in order to achieve effective security, such as implementing risk-assessment strategies and aligning security investments with identified risks as well as embracing that information security is both a means to protect data and an opportunity to create value.

Among key findings, PwC found that companies are mostly influenced by economic conditions, rather than the business value of good information security, when determining security budgets. Furthermore, R&C companies are struggling to keep pace with the adoption of cloud computing, social networking, mobility and the use of employee-owned devices, failing to incorporate these into their security policies.

Other key findings include:

• 40 percentof respondents expect security budgets to increase in the year ahead, down sharply from 51 percent in 2010.

• 72 percentof respondents say their business has an information security strategy in place, up from 61 percent in 2011, and 47percent have implemented a business continuity / disaster recovery plan this year.

• 31 percentof respondents say their organization plans to implement an enterprise social networking program for employee communication and collaboration, while 25 percent say enterprise social networking is already in place.

• 56 percent of respondents say they are prepared to protect sensitive data in the cloud or other third-party environments, while their biggest concerns are ensuring compliance with data security regulations, limitation of liability, and a reduced ability to negotiate and enforce data protection.

• 80 percentof respondents say protecting customer and employee data is important, but only 28 percent say they have an accurate inventory of the stored data, and 33% report they have an accurate inventory of employees’ and customers’ personal data. This is significant because organizations must know where data resides in order to effectively protect it, the report’s authors suggest.

Related Articles:

Manufacturers Collaborate on Compliance Audits

Five Views of Logistics in 2050

Supply Chain Collaboration Drives Successful Tracking