With the holiday season approaching, HYPR, the Identity Assurance company, is cautioning retailers about the impact of identity-related breaches on holiday-sales, customer loyalty and financial stability.
Based on a survey of nearly 400 IT security decision-makers and retail customers, HYPR’s latest spotlight report, ‘The Unexpected Impact of Identity Security on Shopping Habits,’ exposes a concerning gap in authentication practices and underscores the heightened awareness of security risks among today’s consumers.
The most notable research findings were that 58% of retail organizations experienced at least one “authentication-related breach” and 65% were “victims of identity fraud over the last 12 months.”
Bojan Simic, CEO and Co-founder of HYPR said that retailers need to understand that security is “no longer just an IT issue; it’s a business imperative.” Simic added that failing to protect customer data “can have devastating consequences.”
The situation is dire: 89% of retailers surveyed by HYPR faced a cyberattack over the last 12 months, with more than eight in ten (83%) going on to suffer breaches.
Even more alarming, these retailers experienced multiple breaches – three on average – highlighting the “persistent and escalating nature of these threats.”
When unpacking the details of these breaches, results revealed:
- 78% were breached via credential misuse or authentication vulnerabilities
- Phishing as a means for credential misuse, continues to dominate as the leading attack vector with 35% falling victim, credential stuffing (26%) and identity impersonation (27%) remain in the top five
- A third (32%) of retail organizations experienced ransomware
41% did change their authentication methods following a breach
The barrage of cyberattacks is costly and it also “erodes consumer trust and jeopardizes bottom line performance.”
Notably, retailers have suffered losses of up to “$6.27 million in the last year alone due to insecure authentication methods.”
An alarming amount given FIs reported “$4.57 million during the same period.”
But, in retail where consumer choice is abundant and switching costs “are low, reputational damage is often the most impactful threat to company success.”
For instance, 35% of the firms breached lost customers to “a competitor and 25% suffered reputational damages.”
Customers are becoming more vocal in their demands for robust security measures, prioritizing retailers who can “demonstrate a commitment to protecting their data and privacy.”
The majority (85%) are pointing the finger at the Government, “insisting that more regulations are needed to protect consumer data.”
In saying so:
- 88% of customers demand retailers have strong security protocols to protect their personal information
- Nearly all respondents were concerned with shopping online, listing credit card theft (88%) as their main concern, followed by identity theft (74%), and stolen login credentials (70%)
- Regardless of age or demographic, 81% would cease shopping a retailer if they had a breach
- When looking for strong protection measures, over three quarters of customers would choose a retailer that offers passkeys
As covered, HYPR, the enabler of passwordless identity assurance, delivers the end-to-end identity security for the workforce and customers.
By unifying phishing-resistant passwordless authentication, adaptive risk mitigation, and automated identity verification, HYPR claims that it ensures secure and seamless user experiences.
“Trusted” by organizations, including large US banks, leading manufacturers, and critical infrastructure companies, HYPR secures “some of the most complex and demanding environments globally.”