New analysis from NTT Security shows retailers are sinking against a rising tide of internet threats. Figures from NTT Security’s Risk:Value Index 2018 shows that the average company in the retail sector scores just +1, meaning that the average retailer is exercising only marginally more good practice than bad practice.

NTT Security’s Risk:Value Index, which harnesses our Risk:Value 2018 research, measures the extent to which businesses are exercising good or bad cybersecurity practice. Each business is assigned either a positive score for good practice, or a negative score for bad practice, on 17 criteria. These scores are totalled for each business, giving a maximum score of +27 and a minimum score of -41. An overall positive score means that the business concerned is practising more good practice than bad practice (which we describe as swimming against the tide of internet threats), and a negative score means more bad practice than good practice (sinking against the tide of internet threats).

Good practice includes having a formal cybersecurity policy in place, and communicating it effectively, and ensuring cybersecurity is discussed at board-level. Bad practice includes failing to secure critical data, lack of awareness of threats and a lack of an incident response plan

Businesses are grouped by vertical sector for comparison. Across all sectors, businesses scored an average of +3: two points higher than retailers. 31% of all businesses are sinking, while the figure rises to a massive 48% for retailers.


This is bad news for the retail sector, which has faced numerous breaches throughout 2018, and at the same time, in many cases, is struggling with diminishing margins and the pressures of the switch to internet shopping.

However, security threats are likely to worsen in 2019. Unfortunately, fraudulent transactions mirror sales value and the recent Black Friday sales were a magnet for hackers. NTT Security will publish its Monthly Threat Report for November in the next few days and we’ll provide more details on the volume and nature of threats to the retail sector, as well as providing some handy advice. 

NTT Security’s Risk:Value research highlighted a number of specific weaknesses:

·       Retailers spend 2 percentage points less of their IT budget on cybersecurity compared to the average business

·       Less than half (46%) of all retailers say their critical data (such as customer or financial information) is completely secure

·       Just 48% of retailers have a formal cybersecurity policy in place 

And it’s interesting to note from the research that retailers believe that the biggest single risk to their business is losing market share to their competitors. Falling victim to a cybersecurity breach is one way to ensure that will happen.