More than half of retailers have cut their IT security
budgets as a direct result of the credit crunch, and over a third
will cut security spendnext year, despite most being victims of
cyber attacks.
According to Deloitte's latest Consumer Business Security
Survey, 64% or retailers have cut security projects as a result of
the economic downturn, and 36% expect budget cuts next year.
And despite high-profile cyber attacks on retailers, such as
the
theft last year of 45 million credit and debit card identities
fromnine US retailers including TJX,only 45% of retailers have a
formally defined information security strategy.
The thieves allegedly parked outside TJX and other stores and
used laptop PCs to hack into unprotected wireless networks before
stealing the details of credit and debit card account holders.
Mike Maddison said that the retailers surveyed have improved
security in the last year but need to do more. "A year on and it is
clear that most companies surveyed have taken the basic steps
towards a robust security programme by identifying a security
manager and putting in place key security protective measures, but
they have not reached the level of maturity we see in other
industries."
Deloitte revealed that 91% of retailers have experienced IT
security breaches in the last 12 months.
The research shows that 45% retailers are do not carry out
periodic security assessments of third parties they work with.
Most retailers (82%) believe the most significant consequence of
any loss of data would be a loss of reputation, and27% thinklosing
data would not affectrevenue.
36% said
social engineering would be a major threat to security in
2009.