More than half of retailers have cut their IT security budgets as a direct result of the credit crunch, and over a third will cut security spendnext year, despite most being victims of cyber attacks.
According to Deloitte's latest Consumer Business Security Survey, 64% or retailers have cut security projects as a result of the economic downturn, and 36% expect budget cuts next year.
And despite high-profile cyber attacks on retailers, such as the theft last year of 45 million credit and debit card identities fromnine US retailers including TJX,only 45% of retailers have a formally defined information security strategy.
The thieves allegedly parked outside TJX and other stores and used laptop PCs to hack into unprotected wireless networks before stealing the details of credit and debit card account holders.
Mike Maddison said that the retailers surveyed have improved security in the last year but need to do more. "A year on and it is clear that most companies surveyed have taken the basic steps towards a robust security programme by identifying a security manager and putting in place key security protective measures, but they have not reached the level of maturity we see in other industries."
Deloitte revealed that 91% of retailers have experienced IT security breaches in the last 12 months.
The research shows that 45% retailers are do not carry out periodic security assessments of third parties they work with.
Most retailers (82%) believe the most significant consequence of any loss of data would be a loss of reputation, and27% thinklosing data would not affectrevenue.
36% said social engineering would be a major threat to security in 2009.