CIO Influence
CIO Influence News IT services Security

SecurityScorecard Threat Intel Report: 97 Percent of Top U.S. Retailers Experienced a Third-Party Breach

SecurityScorecard Threat Intel Report: 97 Percent of Top U.S. Retailers Experienced a Third-Party Breach

New report highlights vulnerabilities in retail sector as consumers prepare for busiest shopping season of the year

SecurityScorecard today released new research revealing that 97% of the top 100 U.S. retailers experienced a third-party data breach in the past year, exposing significant vulnerabilities just as consumers prepare for the busiest shopping season of the year.

Also Read: Invicti Security Appoints Kevin Gallagher as President

With vast amounts of customer data — including sensitive payment details and personally identifiable information (PII) — retailers are particularly susceptible to third-party breaches. This highly valuable data is a goldmine for cybercriminals, who exploit it for identity theft, financial fraud, and other malicious purposes.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said:

“In the hustle to keep up with holiday sales, retailers must not let their guard down. Cybercriminals are lurking, ready to exploit any distraction. A single data breach could devastate a company’s bottom line and irreparably damage consumer trust. With all eyes on retailers in the coming month, they can’t afford to stand still. It’s imperative to prioritize security — not just for themselves, but for their vendors as well.”

Key findings

  • 97% of the largest U.S. retailers experienced a third-party breach, with only 4% of vendors compromised highlighting the far-reaching impact of these vulnerabilities. Only 12 retailers were directly breached.
  • 97% also suffered fourth-party breaches, from just 2% of vendors.
  • Each of the top 20 U.S. retailers faced a third-party breach.
  • 22% of retailers received an A security rating, while those with a B are 2.9x more likely to suffer data breaches.

Cybersecurity recommendations for the retail industry

Based on this analysis, the SecurityScorecard STRIKE team also offers actionable insights for enhancing cybersecurity in the retail sector:

  • Continuously monitor external attack surfaces: Implement automated scanning to detect IT infrastructure and cybersecurity risks across vendor and partner environments.
  • Identify single points of failure: Map the critical business processes and technologies to identify any single points of failure. Create a watch list with these vendors.
  • Automatically detect new vendors: Passively monitors vendors’ IT deployments to identify and resolve hidden supply chain risks.
  • Scrutinize external technology supporting your e-commerce website. Third-party products and services are a common way for attackers to compromise e-commerce websites and collect payment card information.

Also Read: Logitech Expands Availability of Refurbished Devices, Offering High-Quality, Affordable Tech for Work and Play

Methodology

SecurityScorecard researchers analyzed the 100 top U.S. retailers based on 2023 worldwide retail sales, assessing over 14,000 domains, including third- and fourth-party vendors.

SecurityScorecard gathers significant amounts of non-intrusive data on the cybersecurity performance of companies worldwide. Using this data, SecurityScorecard calculates an overall score, graded A through F, based on ten factors that are predictive of a security breach.

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Related posts

Nigeria’s Largest Telco, MTN, Launches RCS Business Messaging with Google and Dotgo

CIO Influence News Desk

MarketWall Provides Update on the InvestoPro Samsung Initiative and Feature in Samsung Wallet

Business Wire

Ericsson Launches IoT Accelerator Connect To Make IoT Connectivity Easier Than Ever For Enterprises

CIO Influence News Desk