CybersecurityRetailers spend less on cybersecurity than other industries, and it shows

Published 5 September 2014

Cybersecurity analysts say that retailers are spending less on cybersecuirty measures than banks and healthcare providers. Retailers spend 4 percent of their IT budgets on cybersecuirty, while financial services and healthcare providers spend 5.5 percent and 5.6 percent, respectively. On cybersecurity spending per employee, the banking and finance industries spend roughly $2,500 per employee, while retailers invest about $400 per employee. On Tuesday, Home Depot became the latest retailer to investigate a potential major breach of customer credit or debit card data.

Cybersecurity analysts say that retailers are spending less on cybersecuirty measures than banks and healthcare providers. On Tuesday, Home Depot became the latest retailer to investigate a potential breach of customer credit or debit card data. According to Krebs on Security, multiple banks have evidence that Home Depot stores are likely to be the source of a massive new collection of stolen credit and debit cards that went on sale on Tuesday in the cybercrime underground. “I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot spokesperson Paula Drake said, adding that “protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers.”

Earlier this year, Neiman Marcus Group. and Target Corp. experienced similar data breaches. “Retailers have been the low-hanging fruit for attackers since they don’t spend as much as banks and government entities in cybersecurity,” said Lawrence Pingree, research director for cybersecurity at Gartner Inc.

The Wall Street Journal reports that retailers spend 4 percent of their IT budgets on cybersecuirty, while financial services and healthcare providers spend 5.5 percent and 5.6 percent respectively. On cybersecurity spending per employee, the banking and finance industries spend roughly $2,500 per employee, while retailers invest about $400 per employee, according to a June 2014 PricewaterhouseCoopersreport on cybercrime in the United States.

Industry surveys reveal a significant correlation between the amount of spending on cybersecurity and the number of cybercrimes detected. “The more you spend, the more incidents you will detect,” according to PricewaterhouseCoopers, adding that organizations operating in highly regulated sectors, such as banking, typically have highly performing cybersecurity programs. However, Pingree notes that while some companies invest more on cybersecurity to reduce their risk of experiencing a cyberattack, they still remain vulnerable.