Cyberattacks are on the rise and every industry is fair game to cybercriminals. The retail industry is no exception. In fact, according to Sophos’ State of Ransomware in Retail 2021 report, 44% of the industry was struck by ransomware or extortionware attacks in 2020. While the average payment seems relatively small at around $147,811 compared to a worldwide average of over $180k, the total cost of recovering from an attack which includes downtime, security enhancements, lost labor and lost opportunities was estimated at around 1.97 million – over 100k more than the national average of 1.85 million.
This sharp increase in ransomware attacks can be attributed to the pandemic’s drive to move to an online marketplace as quickly as possible. This rapid trial-by-fire method of securing their systems and data has certainly forced their IT teams to up their cybersecurity knowledge and increase their overall security posture. But it doesn’t change the fact that the overall nature of the retail workforce can continue to make the retail industry vulnerable to cyberattacks.
Cyberattacks and Retail Businesses
One of the industry’s biggest weaknesses is its high employee turnover rate. Before the pandemic, the turnover rate averaged around 43% between 2016 and 2019 according to the Bureau of Labor Statistics. In 2020, this number jumped to 57.3%. Obviously, the pandemic has a significant impact on these statistics, but even without the pandemic, the turnover rate is high compared to most other industries. The reasons can vary from the simple nature of seasonal business fluctuations to low wages to poor training. Whatever the reason, these problems existed before the pandemic and they still exist today.
With the retail season just around the corner, we wrote an ebook, The Retail Industry’s Biggest Security Risks, outlining the security risks that this high turnover can pose to retail organizations and what steps you can take to protect your organization in the future.