News • 13.12.2021

New research reveals cybersecurity confidence gap

95 % of stakeholders satisfied with security, yet one third of companies experienced a data breach

A padlock in front of a laptop
Source: flyd2069 / Unsplash

Despite high confidence in their risk assessment capabilities, study finds a third of companies have been breached, and 89% have been hit multiple times.

New data released by Cornell University’s Center for Hospitality Research and FreedomPay reveals that while nearly all (96%) surveyed retail, restaurant and hospitality stakeholders are confident in their companies’ internal risk assessment processes, their satisfaction (95%) in the security of their systems is misaligned with reality, as one-third of companies (31%) have experienced a data breach in their company’s history. Of companies that have been breached, 89% have been hit more than once in a year, and 69% of retail businesses have been breached upwards of three times in a year.

Check Please! How Restaurant, Retail and Hospitality Businesses are Managing Cybersecurity Risks – a joint study between Cornell and FreedomPay – is based on a new survey of small, medium, and large-size enterprises across the hospitality, retail, and food and beverage sectors.

“Especially over the past two years, cybersecurity has been top of mind for businesses as we navigate a highly complex eCommerce network,” said Chris Kronenthal, President of FreedomPay. “Retailers and hospitality businesses increasingly view their payments systems as more than transaction processing – they are important sources of data and customer insights. Merchants and consumers alike need the assurance that this data is being protected and managed properly.”

“These findings provide a baseline understanding of how key decision-makers are handling cybersecurity issues and offer key insights for optimizing and fortifying systems as we continue down this path of accelerated digital transformation,” said Professor Linda Canina, the Dr. Michael Dang Director of the Center for Hospitality Research at the Cornell Peter and Stephanie Nolan School of Hotel Administration.

Threats are rising, complexity abounds

With new cyber threats emerging daily both internally and externally, business leaders are juggling a full slate of concerns and challenges. Threats such as payment integrity (59%) and malware (58%) are the most cited concerns, with risk management (57%) cited as the biggest challenge leaders say their systems face. Companies also fear internal threats, with hospitality companies most frequently citing human error (86%) and lack of employee education (81%) as negatively impacting cybersecurity systems.

Businesses’ best efforts to protect themselves and customers are spurring growing complexity and system proliferation. The findings revealed three-quarters (74%) of companies use more than one cybersecurity system. Medium merchants (80%) are significantly more likely than small merchants (67%) to use more than one system. More than half of companies (56%) have many cybersecurity systems in many locations. Overall, companies are split on whether systems are governed by a single department (51%) or multiple (49%). Small merchants (57%) are significantly more likely to keep governance to one department, while large merchants (63%) are significantly more likely to have multiple departments involved.

Roadblocks remain

Businesses are challenged to balance security with customer preferences, with many implementing heightened cybersecurity measures to make their customers feel more secured and reassured when making a purchase. The study found that 91% of companies believe their customers deeply care about cybersecurity while 86% believe it increases customer loyalty. Yet, companies acknowledge the inherent tradeoffs – namely, two-thirds (65%) of leaders believe that customers are annoyed by extra security measures, and they want systems to be easy to use (67%).

Budgetary concerns may also play a factor in determining any potential system enhancements – among the few (15%) that currently do not have plans to enhance their system, they are most likely to cite preventative costs (61%) and an unwillingness to have a disruption in service (52%).

Despite these roadblocks, companies have said they are increasing or have increased their IT budgets, calling out the COVID-19 pandemic and technology as driving forces. Other notable findings include:

  • In the dark: More than one-third (35%) of surveyed leaders do not know how much of their company’s budget is spent on cybersecurity.
  • Bicameral opinion: While 91% of respondents agree that their customers do care about cybersecurity, 48% also believe their customers do not care about cybersecurity.
  • Inaction: Nearly all (96%) companies say they value the importance of security systems to protect their data, and 85% agree that their customers would be more satisfied if they had extra security measures in place. Yet, half (50%) have either not increased their IT security budget or decreased their budget since 2019.
  • Show me the money: Still, companies are divided on what precautions and guidance are worth the cost. Four-fifths (83%) of companies who do use a third-party to manage and secure information say this option is “more cost-effective” for their business, while half (51%) of companies who do not use a third-party supplier cite it as being “more costly” than their current process.
  • Checking the box? Almost all merchants (91%) are very or extremely confident that their company adequately trains end-users, relying on conferences and seminars (71%) to keep them trained and engaged. Notably, small (92%) and medium (95%) merchants are significantly more confident than their large (79%) counterparts, where the most common form of end-user engagement comes from training videos (82%).
  • Looking for a leader: A majority of companies (87%) say they would welcome involvement from the U.S. government to fight cybersecurity threats as well as enhance policy (84%). Large merchants (threats-76%, policy-74%) and retail companies (threats-81%, policy-75%) are significantly less likely to want the U.S. government involved.

The full report can be downloaded here.

Source: FreedomPay

related articles:

popular articles:

Thumbnail-Photo: Mystery box vending machines: Surprise pack with a success factor?...
14.08.2024   #e-commerce #customer experience

Mystery box vending machines: Surprise pack with a success factor?

New trend tested by iXtenso

Vienna, Berlin, Hamburg, Cologne: mystery boxes or vending machines are popping up in more and more places. The promise: Thrills and spills for little money; after all, you don't know what you're going to get. Reason enough for the iXtenso ...

Thumbnail-Photo: Glory receives 2024 Red Dot award for Product Design...
09.07.2024   #customer experience #design

Glory receives 2024 Red Dot award for Product Design

Glory’s new CI-X Series of retail cash recycling solutions have been awarded a “Red Dot Design Award 2024”, in the product design category.

The Red Dot Award is an international product design award for new products that demonstrate innovation and impact ...

Thumbnail-Photo: More than just inspiration: What makes Pinterest a successful...
29.08.2024   #customer experience #fashion

More than just inspiration: What makes Pinterest a successful performance marketing channel?

How to reach targeted customers and influence their purchasing decisions

Mit über 580 Millionen aktiven Nutzenden weltweit bietet Pinterest eine gewaltige Reichweite und wächst weiter. Besonders die Gen-Z hebt ...

Supplier

GLORY Global Solutions (Germany) GmbH
GLORY Global Solutions (Germany) GmbH
Thomas-Edison-Platz 1
63263 Neu-Isenburg