Retailers are still struggling to secure data effectively, confirms new research from Claranet


Keeping data secure remains a top priority for retail businesses, and as the General Data Protection Regulation (GDPR) comes into force on the 25 May 2018, there is an increased urgency to improve the way data is managed and secured. However, despite this impending deadline, the rapidly evolving threat landscape and a growing struggle to encourage consumer spending, new research from managed services provider Claranet has found that many companies are still not managing their data as well as they could.

The research, which was conducted by Vanson Bourne who surveyed 750 IT decision-makers for Claranet’s Beyond Digital Transformation research report, identified that security is an area that many are struggling with. Worryingly, 69 per cent of respondents stated that they were not able to secure customer data effectively, with almost half (45 per cent) encountering challenges around securing customer details when trying to improve the digital user experience for customers. This points to a distinct lack of capability when it comes to managing security in a reliable manner.

Alongside this, the research found that IT teams are struggling to acquire the skills and expertise that are necessary in addressing this disparity. Almost four in ten (37 per cent) identified information security as one of the biggest challenges facing their organisation’s IT department, and 41 per cent stated that their security procedures and requirements hold back their ability to innovate.

Commenting on the findings, Michel Robert, Claranet’s UK managing director, said: “There can be little doubt that data security is one of the most pressing issues facing retail businesses today and that sound security practices are the foundation upon which a positive customer experience is built, but our research confirms this is an area in which most retailers are failing. The GDPR is on our doorstep, but it is clear that many have their work cut out if they are to comply with the regulation. Thinking more broadly, the fact that almost seven in ten organisations can’t guarantee the security of their customer data is particularly concerning.”

“Part of the problem derives from the fact that most internal IT teams don’t have the skills, expertise or the time to keep up with the rapidly changing threat landscape as it’s not their key area of focus. Our research has shown that organisations are very much aware of this problem, but also that they are still some way away from solving it. Retailers will need to stay alert to changes to legislation and the nature of prevailing threats, compliance and legislation as more and more data is stored and analysed, but security can slide down the list of priorities, jostling with ‘keeping the lights on’ maintenance activities and innovation,” he continued.

To address these shortcomings, businesses are set to ramp up their investments in IT. According to the findings, 56 per cent of retail businesses are expecting to increase their IT budget across the entire organisation by at least 5 per cent next year. However, only 13 per cent of retail businesses are set to prioritise improving their security.

Robert continued: “It’s encouraging that businesses are planning to invest more heavily in their IT capabilities, but security should occupy a much higher place in the agenda in this area, especially given the fact that customer transactions and cardholder data held by retailers will be particular targets for cyber attackers.

“It’s important to recognise that much still needs be done in terms of increasing cybersecurity capabilities at a pace rapid enough to ensure GDPR readiness and overall preparedness. Businesses are aware of the challenges they face, but the current level of available expertise can hold back initiatives. By working with expert third parties, retailers can rapidly gain an extra layer of cybersecurity expertise, identify vulnerabilities and define priorities for improvement,” he concluded.