LevelBlue, a provider of managed network security services, managed detection and response, strategic consulting, and threat intelligence, today released its 2024 Futures Report: Cyber Resilience in Retail.
The findings detail how the rapid evolution of computing has thrust retail businesses into a perpetual struggle between innovation and risk. While dynamic computing presents major opportunities for technology innovation in the retail industry, these capabilities bring new security challenges that will require retailers to enhance their cybersecurity resilience to better safeguard against today’s threats.
There is a high degree of optimism in the retail industry as it relates to the innovation potential that results from dynamic computing. In fact, 86% of respondents anticipate that dynamic computing will enhance operational performance within the next three years, especially in artificial intelligence (AI) strategy development and leveraging sophisticated supply chains. However, a similar number – 82% – acknowledge the increased exposure to risk.
Despite this acknowledgment, 77% of respondents believe dynamic computing’s innovation benefits outweigh the cybersecurity risks. Furthermore, retail leaders are ambitious about investing in the technologies underpinning dynamic computing, but 62% report being a cautious or late AI adopter.
“The era of dynamic computing, spawned by the Internet of Things (IoT) and 5G technologies present both tremendous opportunities and risks for retail organizations,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “However, as traditional perimeters dissolve, traditional security methods no longer suffice, and retailer leaders need to be thinking broadly about overall cyber resilience. They need to be concerned with establishing visibility into the entire IT estate and protecting the whole organization, including supply chains and meeting the demands of customer data privacy. With our new research, leaders can analyze the landscape of barriers that exist, and take away practical steps for overcoming them with their retail organizations.”
Today’s retailers continue to face unintended consequences as supply chain attacks rise, and vulnerabilities from third-party sources become the top threat factors. This latest LevelBlue report indicates that there is a significant lack of visibility of the supply chain, with 67% of respondents indicating this as a major concern for physical and software supply chains. Another 75% of respondents reveal difficulty in assessing supply chain risk, with only 36% stating that their supply chain is completely or almost completely secure.
When assessing cyber resilience planning and cybersecurity budgeting for retail organizations, the report found that:
- 65% of respondents reported that leadership doesn’t prioritize cyber resilience, and 75% say their organizations do not specifically invest in cyber resilience beyond cybersecurity.
- Only 37% integrate cybersecurity into their computing planning or have a cybersecurity budget line item for every project, and a majority (74%) indicate that cybersecurity resilience initiatives are not sufficiently factored into the organization’s budget.
- 72% believe cybersecurity is an afterthought, and 74% indicate that it’s impossible for them to assess how an attack might impact their organization.
- 67% confirm efforts are often siloed, hindering comprehensive protection, 65% lack formalized incident response plans, and 62% do not have standardized cybersecurity processes.
- 61% indicate that they have little to zero visibility into the IT estate, and 74% say the lack of visibility is compounded by new regulations.
- 80% reveal their organizations are at risk due to barriers impacting their cybersecurity resilience strategies, and 78% report struggling to find the external guidance they need.
To better achieve cyber resilience in the retail industry, LevelBlue shares five specific steps that can be applied across industries, directly in response to these findings: identify the barriers to cyber resilience; be secure by design; align cyber investment with business; build a support ecosystem; and transform cybersecurity strategies.
Download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail at this link here. The report identifies how retail organizations can effectively prioritize innovation while reducing cyber risk in today’s quickly advancing retail environment. This report follows the May 2024 release of the core 2024 LevelBlue Futures Report found here.
Methodology
The research is based on a quantitative survey that was carried out by FT Longitude in March 2024. There were a total of 1,050 C-suite and senior executives surveyed, across 18 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). Respondents were employed in a variety of cybersecurity-related roles, with 32% working at C-level and the remainder employed in C-minus one positions. The total number surveyed in retail is 171.
