Managing Growing Retail and Consumer Risk in Tandem with Increased Innovation and Cybersecurity

By Natalie Kotlyar

As digital transformation becomes a core part of overall strategy, retail and consumer products companies should prioritize threat-based cybersecurity. Threat-based cybersecurity is a forward-looking, predictive approach. Instead of (or in addition to) focusing solely on protecting critical data assets or following the basic script of a generic cyber program, threat-based cybersecurity concentrates on investments in the most likely risks and attack points based on an organization’s unique threat profile.

For example, this framework looks different for a pure play e-commerce entity than for a hybrid e-commerce or specialty retailer because the most likely attack vectors are different for each. Threat-based cybersecurity approaches go hand in hand with innovation, as security serves as the backbone to digital transformation—and can even be an innovation catalyst.

Protecting Data is Paramount in Achieving Personalized Shopping Objectives

Retail and consumer products companies have undergone major shifts worldwide due to capitalizing on consumer data as the first step to achieving personalized shopping. But cyber risks grow as data sharing increases. If organizations in the business are going to sustainably innovate around online shopping, they must be able to safely store and analyze consumer data. Implementing threat-based cybersecurity in conjunction with Payment Card Industry (PCI) standards will be their lifeline and offer them a competitive advantage.

Understanding the Requirements of PCI and the Cost of Compromised Data

There are multiple methods to secure information.  There are also mandated requirements for protecting information, such as the Payment Card Industry (PCI) framework. If your organization provides technology solutions or services to other organizations; executes transactions using credit card data (process, transmit, or store); or could affect the security of the data that is processed, transmitted or stored (i.e. service providers)—then you are required to comply with the PCI requirements to some level.

Organizations at Risk

• Retail and consumer products organizations

• Data centers

• Software as a Service (SaaS) solutions

• Infrastructure as a Service (IaaS) solutions

• Hosting providers who offer managed/out-sourced services

• eCommerce providers

Business Costs of Compromised Data

• Fines as determined by the payment brands

• Increased processing fees

• Removal of your ability to accept payment cards

• Legal costs and settlements

• Loss of customer confidence in your organization

The world we live in requires cost-effective cyber risk management with a PCI component. Retail and consumer products companies should take a holistic approach—making good data security practices and protection part of their overall digital transformation strategy.

“Taking on digital transformation initiatives like adopting an emerging technology, investing in a new technology or even building a new technology are key to operational efficiencies and to bolstering cybersecurity. Incorporating threat-based cybersecurity measures, including PCI into their digital transformation strategy will help mid-market retailers and consumer products companies mitigate risk and focus on more strategic business objectives.”        

Natalie Kotylar
BDO Retail & Consumer Products Industry Leader

 

* BDO Cyber Threat Insights - 2019 1st Quarter Report