RESEARCH REPORT

In brief

In brief

  • Chief Information Security Officers (CISOs) must not only be brilliant at security basics but also have the foresight to keep the customer safe.
  • The changing scope of the CISO role—from tech-savvy specialist to business-outcome focused advisor.


The retail security landscape

Retail leaders now understand that facing a cyberattack is not a case of if but when. And minimizing the impact on their business—and, especially, consumer trust—depends on how quickly they can detect it, isolate it, and coordinate an effective threat response. According to our research, on average, retail companies are satisfied they are ready to tackle cyber threats. They plan to increase their cybersecurity investments—nearly half said they are prepared to invest more in the cloud, protecting point-of-sale systems and preventing fraud. Yet, when we asked which types of security breaches their organizations had experienced within the past 12 months, 53 percent identified customer data—the lifeblood of their business and a growing challenge that is likely to put pressure on Chief Information Security Officers (CISOs).

As retail companies work with their CISOs on an IT landscape makeover and speed up investments that allows tech to transform their business–they continue to empower their workforce with the digital tools needed to deliver unique brand experiences and understand the customers they serve.

Enabling the business

Putting the business first is essential if retail CISOs are to handle upcoming threats posed by connected environments, broader ecosystems and the expanded use of data in all aspects of the retail environment. Three factors are important for retailers who want to reshape traditional operations and deal effectively with the next wave of cyber threats:

Constant vigilance

Retailers cannot be complacent about the enemy—or the shifting nature of cyberattacks. New business models mean that attackers are finding it easier to scale cybercrime globally.

Image

Security outsourcing

Protecting high-value assets means looking after the data that is most critical to operations–consider outsourcing to better meet security demands.

Seat at the boardroom table

CISOs must have access to the executive team and insight into where business decisions are being made. Being more embedded in business decision making requires a fundamental role shift.

View All

Security first

To achieve cyber resilience, retail organizations must build cybersecurity qualities and values into their business. In doing so, they need to take three actions:

Image

Harden and protect core assets

Become brilliant at the basics. Be clear on your inventory and put security controls in place—establish whether new technologies are adding complexity or adding value.

Adopt a “partner and protect” approach

Shore up your third-party defenses or outsourcing partners so that their approach is as secure as your own.

Evolve the role of the CISO

Make sure the next-generation CISO is business adept as well as tech-savvy. Infuse a security mind-set into the culture of the organization.

View All

Meet the team

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter