As e-commerce expands, so do cyber threats. Retailers must prioritize security investments to protect customer data, comply with regulations, and build trust.
The impressive recent growth trajectory in the e-commerce market continues to move up and to the right. According to Statista, the global e-commerce market is projected to maintain an annual growth rate of 9.49% in the coming years, with 3.6 billion purchases expected to account for $6.48 trillion by 2029.
Unfortunately, this explosion in online activity comes with several challenges. Indeed, as e-commerce grows, so do the efforts of cyber attackers seeking to capitalize on expanding opportunities.
Retail companies are particularly vulnerable to such threats given their extensive customer and transaction data and increasingly digital operations. Several recent incidents underline the seriousness of the threat.
Just last year, Ace Hardware suffered a severe cyberattack that compromised 196 company servers and over 1,000 devices, causing widespread disruptions across its 5,600 stores worldwide. The attack delayed shipments and deliveries and impeded the company’s ability to process online orders, significantly affecting its operations.
Then, in late 2023, VF Corporation — the parent company of brands like Timberland, Dickies, The North Face, and Vans — also suffered a cyberattack that disrupted operations and hindered order fulfillment. Here, investigations revealed that the personally identifiable information (PII) of approximately 35 million individuals was compromised, with the effects of the attack continuing to be felt over a month later.
Such headlines highlight the urgent need for retailers to adopt more rigorous security measures to protect themselves and satisfy their customers.
Interestingly, in one survey 43% of retailers cited customer demand for robust security and compliance as a significant motivator for increasing their security investment. Despite this, many firms have struggled to meet the necessary standards.
The same report indicates that roughly one-third of retailers view compliance with regulations and industry standards as their biggest information security challenge, even though nearly 43% have boosted their compliance-related investment by up to 25%.
The Challenge of Evolving Compliance Demands
This is no coincidence. As the cyber threats facing retailers continue to ramp up, so do the requirements associated with security compliance regulations.
Take the Payment Card Industry Data Security Standard (PCI DSS) as an example. Retailers that accept major credit cards or process electronic payments must adhere to PCI DSS, a set of technical and policy controls designed to protect cardholder data and transaction data.
In recent times, these compliance requirements have tightened. PCI DSS v4.0 was published in March 2022 to replace v3.2.1, which was retired at the end of March 2024; the remaining future-dated v4.0 requirements become mandatory on 31 March 2025. The update emphasizes continuous security and tighter protection of payment data, with key changes including:
- Security treated as an ongoing process, with targeted risk analyses and the option of a customized approach to meeting individual requirements.
- Multifactor authentication for all access into the cardholder data environment (requirement 8.4.2), not only for administrators and remote access.
- Updated software development and application security requirements, including secure coding practices, an automated technical solution that continually detects and prevents attacks on public-facing web applications (6.4.2), authorization and integrity checking of scripts on payment pages (6.4.3, 11.6.1), authenticated internal vulnerability scanning (11.3.1.2), and penetration testing.
- Stricter password and passphrase rules, including a minimum length of 12 characters (8.3.6).
- Tighter cryptographic requirements, including keyed cryptographic hashes of the full PAN wherever hashing is used to render it unreadable (3.5.1.1), and limits on relying on disk-level encryption alone (3.5.1.2).
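Why PCI DSS v4.0 requirement 3.5.1.1 insists on a keyed hash is easy to see with numbers. The BIN (first eight digits) and last four digits of a card are routinely displayed on receipts and account pages, so an attacker holding a stolen table of unkeyed SHA-256 digests only has to search the few remaining digits, and the Luhn check digit shrinks that search further. The following Python script is an added example written for this article, not code from the standard or from any retailer; it uses the well-known Visa test number 4111 1111 1111 1111 as a constructed sample and assumes the attacker knows the BIN and last four but not the merchant's HMAC key.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Iterator, Optional

# Constructed sample: the standard Visa test PAN, not a real card.
# We assume the attacker knows the first 8 and last 4 digits, which
# PCI DSS permits to be displayed, but not the 4 digits in between.
SAMPLE_PAN = "4111111111111111"
KNOWN_BIN = SAMPLE_PAN[:8]
KNOWN_LAST4 = SAMPLE_PAN[-4:]


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def unkeyed_hash(pan: str) -> str:
    """Plain SHA-256 of the PAN: the approach 3.5.1.1 rules out."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_hash(pan: str, key: bytes) -> str:
    """HMAC-SHA-256 over the entire PAN under a secret key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def candidate_pans(bin8: str, last4: str) -> Iterator[str]:
    """Yield every Luhn-valid 16-digit PAN with the given first 8 and last 4 digits."""
    for middle in range(10_000):
        pan = f"{bin8}{middle:04d}{last4}"
        if luhn_valid(pan):
            yield pan


def recover_pan(target_digest: str, bin8: str, last4: str,
                hash_fn: Callable[[str], str]) -> Optional[str]:
    """Brute-force the PAN whose digest under hash_fn matches, or None."""
    for pan in candidate_pans(bin8, last4):
        if hmac.compare_digest(hash_fn(pan), target_digest):
            return pan
    return None


def demo() -> dict:
    # The merchant's key lives in a key-management system, never beside the data.
    merchant_key = secrets.token_bytes(32)
    stored_unkeyed = unkeyed_hash(SAMPLE_PAN)
    stored_keyed = keyed_hash(SAMPLE_PAN, merchant_key)

    # Attacker has both stolen digests plus the displayed BIN/last-4, but no key.
    from_unkeyed = recover_pan(stored_unkeyed, KNOWN_BIN, KNOWN_LAST4, unkeyed_hash)
    attacker_key = secrets.token_bytes(32)   # a guess; wrong with overwhelming probability
    from_keyed = recover_pan(stored_keyed, KNOWN_BIN, KNOWN_LAST4,
                             lambda p: keyed_hash(p, attacker_key))

    return {
        "search_space": sum(1 for _ in candidate_pans(KNOWN_BIN, KNOWN_LAST4)),
        "unkeyed_recovered": from_unkeyed,   # the full PAN, found in milliseconds
        "keyed_recovered": from_keyed,       # None: no key, no usable digest
    }


if __name__ == "__main__":
    print(demo())
```

Only 1,000 Luhn-valid candidates remain once the BIN and last four are known, so the unkeyed digest falls instantly; the keyed digest is useless to the attacker without the key. The key itself then becomes the asset to protect, which is why 3.5.1.1 sits alongside the key-management requirements in 3.6 and 3.7.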
Looking at PCI DSS, it’s clear why many retailers view compliance with regulations and industry standards as the biggest information security challenge. Indeed, increasingly strict controls pressure firms, demanding more time and preparation to ensure compliance.
Making the Most of Your Investments With ISO 27001
Despite the difficulties retailers face, the survey also shows that compliance investments do pay dividends. Critically, one-third of retailers note that the best information security-related return on investment they have achieved in the past 12 months is related to compliance investments.
The need for compliance and its value are clear. So, what concrete steps can retailers take to ensure their compliance investments are effective and not wasted?
Retailers should look to the ISO 27001 framework for guidance in systematically improving their security management practices.
ISO 27001 offers a structured approach to protecting information assets. By adopting it, retailers will be well positioned to address customer demands for robust security and compliance, safeguard their reputation, protect customer data, and counter new cyber threats.
Today, this must take priority. Cybersecurity is not merely a cost or a technology issue but a cornerstone of any successful modern retail strategy.
Retailers must implement robust security controls, achieve standards like ISO 27001, and adopt an integrated approach to compliance. Furthermore, cyber resilience should be an ongoing process, not a one-time project. As threats and regulations evolve, so must defenses.
By prioritizing information security in boardroom discussions and allocating adequate resources, retailers can enhance security, build trust, and mitigate significant financial, reputational, and legal risks.