SecurityScorecard, the leader in security ratings, today released its annual 2017 Retail & E-Commerce Cybersecurity Report. The report provides a comprehensive analysis of cybersecurity vulnerabilities across 1,924 companies from January 2017 through October of 2017. As retailers prepare to focus on sales during the holiday season, merchants, major credit card issuers, and others in the retail industry are failing to keep up with critical security processes and security controls needed to protect shoppers.
The report focused on the retail industry as compared to other major industries and the cybersecurity indicators of the best and worst cybersecurity performers. The 2017 Retail & E-Commerce Cybersecurity Report highlights:
- The retail industry ranks 5th out of 17 other major U.S. industries, but still showed major areas of concern.
- On average, retailers score a D in Network Security and Patching Cadence and a C in Application Security, DNS Health, and IP Reputation.
- Of the bottom cybersecurity performers, technology retailers and department stores scored the lowest compared to other types of stores.
- Thirty percent of the bottom cybersecurity performers in the retail industry were clothing retailers.
- Six of the top ten credit card issuers scored a C or below in Network Security and DNS Health.
“Retailers are a prime target for cybercriminals,” said Sam Kassoumeh, Co-founder and COO of SecurityScorecard. “Our analysis indicates that retailers continue to struggle with basic hygiene which leaves them vulnerable to attack. This includes both online and brick-and-mortar retailers. As we have seen with recent breaches, the lack of basic security controls and best practices can lead to a compromise of consumer data that can have a long lasting impact on customers. With the reliance on third parties, including cloud providers and payment processors, the potential for compromise has dramatically increased. The primary mechanism that retailers need to deploy is continuous monitoring of their vendors and within their own IT infrastructure.”
The conclusions and rankings featured in the report are based on data derived from SecurityScorecard’s patented security ratings platform. A complimentary copy of the 2017 Retail & E-Commerce Cybersecurity Report can be downloaded by clicking here. To receive a free SecurityScorecard assessment and consultation for your business, visit instant.securityscorecard.com.
Headquartered in the heart of New York City, SecurityScorecard’s vision is to help security professionals work collaboratively to solve mission-critical, cybersecurity issues in a transparent way. The company was founded in late 2013 by Dr. Aleksandr Yampolskiy and Sam Kassoumeh, two former cybersecurity practitioners who had served, respectively, as Chief Information Security Officer and Head of Security & Compliance. With cloud solutions becoming an increasingly integral part of the security technology stack, Yampolskiy and Kassoumeh recognized the need to address 3rd and 4th party risk as well as better understand the security capabilities of their business partners. Since its founding, the company has grown dramatically and now counts hundreds of leading brands as customers. SecurityScorecard is backed by leading venture capital investors including Sequoia Capital, GV, and Nokia Growth Partners among others. For more information, visit www.securityscorecard.com.