Data Security and Information Privacy Risks in the Retail Industry

Retailers are among the industries most affected by cyber breaches — but there are steps to take to mitigate the risk.

Since a regulatory action usually precedes a civil action, substantial legal and forensic investigation costs can be incurred even for events where no one is harmed or is even at risk.

With a high volume of personally identifiable information (PII) and payment card information changing hands with every transaction, the retail industry is one of the most vulnerable targets of cyber-attacks. The threat is intensified when PII is not adequately protected through the use of firewalls or encryption. And as the frequency and severity of attacks and losses mount, regulators, shareholders, and other stakeholders are paying ever more attention to retailers’ cyber risk control measures.

In “Data Security and Information Privacy Risks in the Retail Industry,” we discuss:

• Recent developments expanding consumer privacy rights.
• The high cost of recovering from a cyber incident, including legal and forensic investigations.
• Growing Securities and Exchange Commission scrutiny.
• Insurance solutions to help mitigate the costs of cyber-attacks.