Loading...
New report highlights vulnerabilities in retail sector as consumers prepare for busiest shopping season of the year
SecurityScorecard Threat Intel Report: 97% of Top U.S. Retailers Experienced a Third-Party Breach
Media Contact
Allison Knight
10Fold for SecurityScorecard
securityscorecard@10fold.com
SecurityScorecard today released new research revealing that 97% of the top 100 U.S. retailers experienced a third-party data breach in the past year, exposing significant vulnerabilities just as consumers prepare for the busiest shopping season of the year.
With vast amounts of customer data — including sensitive payment details and personally identifiable information (PII) — retailers are particularly susceptible to third-party breaches. This highly valuable data is a goldmine for cybercriminals, who exploit it for identity theft, financial fraud, and other malicious purposes.
Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said:
“In the hustle to keep up with holiday sales, retailers must not let their guard down. Cybercriminals are lurking, ready to exploit any distraction. A single data breach could devastate a company’s bottom line and irreparably damage consumer trust. With all eyes on retailers in the coming month, they can’t afford to stand still. It’s imperative to prioritize security — not just for themselves, but for their vendors as well.”
Key findings
Cybersecurity recommendations for the retail industry
Based on this analysis, the SecurityScorecard STRIKE team also offers actionable insights for enhancing cybersecurity in the retail sector:
Methodology
SecurityScorecard researchers analyzed the 100 top U.S. retailers based on 2023 worldwide retail sales, assessing over 14,000 domains, including third- and fourth-party vendors.
SecurityScorecard gathers significant amounts of non-intrusive data on the cybersecurity performance of companies worldwide. Using this data, SecurityScorecard calculates an overall score, graded A through F, based on ten factors that are predictive of a security breach.
Additional resources
About STRIKE
The STRIKE threat intelligence team combines unique threat intelligence, incident response experience, and supply chain cyber risk expertise. Backed by SecurityScorecard technology, STRIKE is a strategic advisor to CISOs worldwide, empowering the entire digital ecosystem to identify, measure, and resolve cyber risk.
About SecurityScorecard
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2014 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241120730338/en/