Shoppers are increasingly aware of retail security breaches and will spend more money with retailers that have robust cyber security capabilities, according to a new report from Capgemini’s Digital Transformation Institute.
Titled “Cyber Security, The New Source of Competitive Advantage for Retailers,” the report finds that 77% of consumers rank cyber security as the third most important factor when selecting retailers, after product availability and quality, and ahead of traditional criteria like price and brand reputation.
Based on average consumer spending, improving cyber security can drive potential annual revenue growth of 5.4%; customer satisfaction can increase 13%. Among online shoppers, 40% are willing to boost spending by at least 20% with retailers they trust.
Specific cyber security and data privacy factors addressed were: safety of in-store devices like kiosks, websites and apps, stored personal or financial data, and transparency in the use of stored personal or financial data.
The report studied more than 6,000 shoppers and 200 retail executives in France, Germany, India, Italy, The Netherlands, Spain, Sweden, the U.K. and U.S.
“Today’s consumers are confident online shoppers and savvy about their rights,” said Geert van der Linden, cyber security business lead at Capgemini. “They value cyber security highly and want to shop retailers they trust. It’s the right time for retailers to consider cyber security as a priority at the executive leadership level.”
“Cyber security represents a lucrative opportunity for retailers to improve customer satisfaction and drive online spending," added Tim Bridges, Capgemini's global sector lead for consumer products, retail and distribution. "Only retailers that are able to efficiently align their cyber security measures with customer expectations will be able to impact top line revenue.”
Consumers do not view all cyber security issues in the same light. The percentage point increase in the share of satisfied customers varies by type of cyber security and data privacy capabilities implemented:
- Encryption of stored data: 15%
- Prompt for passwords while accessing accounts: 15%
- Control over what customer data the retailer can store and for how long: 13%
- Use of advanced anti-malware tools at stores/servers for online shopping: 12%
- Use of PIN/chip cards instead of swipe/sign cards in stores: 9%
- Dual identification, both with mobile device and using finger print/iris scan: 7%
- Use of fingerprint/iris scan at stores: 4%
- Finger print-based authentication on web sites/apps: 3%
The study also finds that retailers and consumers have differing opinions on the efficiency of security measures, with executives significantly more likely to rate their companies’ security measures as “outstanding:” One reason is that more than half of retailers have not fully implemented the five capabilities with the greatest impact on shopper satisfaction:
- Encryption of stored data
- Use of advanced anti-malware tools at stores/servers for online shopping
- Control over what customer data the retailer can store, and for how long
- Use of advanced data encryption on websites/apps
Another problem is that 70% of consumers want assurance that their financial and personal information are safe — but just 44% of retailers are informing them.
Forty percent of retailers said they experienced a data breach over the past three years that compromised personal or financial shopper information. But just 21% of consumers said they heard their primary retailer’s name mentioned in conjunction with a data breach. And only 27% of retailers have formed incidence response teams to react effectively after a breach.
“We (as retailers) have a decent-sized target on our backs,” said Tyson Martin, chief information security officer at Orvis Company. “It’s about access and visibility. People see our products and services and the exchange of money for those goods, and they understand the scale right away. Coupled with the collection, storage and processing of customer data … this is a large risk and our biggest vulnerability.”
The report includes the following recommendations for retailers:
1. Understand shopper expectations and ensure that features driving customer satisfaction in the aforementioned five key areas are fully implemented.
2. Ensure cyber defense systems are one step ahead of hackers. Over the past three years, inclusion of new technologies, weak segregation of duties and outdated architecture have been the top three areas exploited by hackers. But fewer than half of retailers conduct security audits daily or weekly.
3. Position the company as “safe” custodians of customer data and be completely transparent about your activity.
As the GDPR deadline looms in Europe, retailers must create strategies to mitigate assure that consumer data is safe. But just 40% to 60% of retailers have fully enacted certain components of the GDPR requirements, according to the study.