Respondents in the retail industry, incorporating both wholesale and distribution, express a lower-than-average level of confidence in almost all of the incident detection mechanisms mentioned in the survey. For example, only 74 percent express confidence in the effectiveness of their organizations’ cybersecurity capabilities (vs. 81 percent for all industries). The limited confidence expressed by retail respondents here is significant. While only 22 percent of retail organizations (vs. 29 percent for all industries) reported significant data theft, the type and scale of customer data held by these companies make them an attractive target for cyber criminals.
A similar trend is found in retail respondents’ confidence in the threat detection capabilities of their companies’ data analytics (69 percent vs. 77 percent for all industries). Strengthening this detection mechanism could help address the industry’s concerns regarding loss prevention. The sector may also benefit from paying closer attention to screening of personnel; when considering all categories of threats collectively, the retail industry is more likely than any other to find that the perpetrators are employees (30 percent vs. 24 percent for all industries) and contractors (22 percent vs. 16 percent for all industries). More than half of all retail risk incidents, in other words, are caused by people inside the organization.
The industry could also redouble its efforts to foster a culture of transparency and accountability. Fewer respondents from retail than from any other industry assert that in their organizations serious breaches of risk management processes are met with thorough internal investigations (67 percent vs. 75 percent for all industries) or that risk management processes are adapted to local market and cultural nuances (65 percent vs. 72 percent for all industries).
In the area of due diligence, retail is the least likely of all sectors to conduct reputational due diligence on candidates for board seats or senior executive positions (85 percent vs. 91 percent for all industries) or suppliers (84 percent vs. 92 percent overall). Given increased public scrutiny of the integrity of both corporate leadership and the supply chain, the retail industry should embrace the use of due diligence as a mechanism for reducing risk in this area.
The retail industry takes a conservative view toward the use of social media influencers. Retail respondents are more likely than those from any other industry to report that they never use this type of spokesperson (35 percent vs. 22 percent for all industries). Retail holds a similarly skeptical view of cryptocurrency; of all industries, it has the lowest percentage actively using crypto (19 percent vs. 28 percent overall) and the highest percentage with no plans in place to use it (30 percent vs. 19 percent for all industries).