Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

11:00 AM
Dan Ross
Dan Ross
Connect Directly
E-Mail vvv

How Retail Can Win Back Consumer Trust

Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.

As more retail chains become easy pickings for cybercriminals, brand managers are finally becoming appropriately concerned about endpoint security. It’s taken these highly visible and widespread attacks by malicious actors to serve as the wake-up call to executives who have been slow to see cybersecurity as a core responsibility.

I’m sure you are familiar with the headlines:

  • After Target’s infamous security breach in 2013, CEO Gregg Steinhafel resigned in the aftermath, underscoring the new reality that data breaches have far-reaching consequences for companies and their brands.
  • The supermarket chain SuperValu (at least 180 stores affected) and UPS (51 stores) recently disclosed information about a related data breach after Homeland Security and the Secret Service issued a warning that more than 1,000 American businesses have likely been affected by “Backoff."
  • In a potentially related case, Home Depot recently acknowledged that a major breach of its POS systems dating as far back April has allowed an estimated 56 million credit card numbers to be compromised. The full extent and origins of the damage remain to be seen, but it is likely the largest breach to date.
  • In the most recent news, the JP Morgan Chase breach compromised the accounts of 76 million households as well as those of seven million small businesses, making it one of the biggest security breaches to date.

These breaches are rising rapidly. Ponemon Institute’s 2014 Cost of Data Breach report, for example, found that the average abnormal customer churn rate after a breach rose 15% over last year. This highlights the public’s growing concern over the security and privacy of information, and underscores a need for companies to secure their infrastructure in order to protect their reputation over the long term.

Even for beloved brands like Target, the impact is significant. Target reported in February that its fourth-quarter profit had fallen 46 percent, after the holiday season breach scared off customers. The retail giant’s total breach-related expenses have reached $235 million so far; some analysts initially feared the fallout could reach $1 billion. Other factors influence stock price, but I’m certain we will see more instances of breaches being a tipping point or last straw for companies that were already vulnerable. 

Security + Privacy = Trust
Consumer loyalty to brands is all about trust, which today has everything to do with security and privacy. When consumers feel that this trust has been broken, brands will suffer long-term consequences.

I can’t say it enough: prevention and detection are both critical to security. Let’s face it, the bad guys are already inside. Taking preventative measures keeps networks under better control and eases recovery and remediation efforts. Security leaders should never assume that intruders are not able to get in. Brands need to invest in better security detection and prevention solutions that will help avoid a similar breach in the future. They should also let the consumers know that they are investing and taking these measures.

Shortening the time from attack to detection is the absolute number one key to mitigating damage to a brand’s reputation, bottom line, and customers. As consumers become more disgruntled and more educated about these breaches, expectations will shift. Discovering malware months after initial intrusion will be seen as negligence and/or incompetence in the court of public opinion. Until recently, the average consumer may have regarded such breaches as inevitable and experienced only minor inconvenience. As breach notifications increase, concerns about identity theft mount and consumer patience erodes. Likewise, government leaders, legal advocates, and credit card companies have begun to push back on retailers.

A unified, system-wide view of security enhances information sharing between IT and the executive suite. Cross-functional teams must be allowed to communicate risks effectively with the help of real-time factual reports, and awareness of these risks must spread beyond the walls of the IT and security departments. Open and trusted lines of communication may be one of the most effective ways to close the intrusion-to-detection dwell time, as Target learned the hard way when an employee complaint on Gawker.com triggered a very public discussion about corporate culture and the company’s failure to heed internal warnings leading to the breach.

Ultimately brand and reputation become synonymous in the eyes of customers and the market as a whole. In order for organizations to rebuild or even maintain trust, they need to recognize that a breach in this day and age is inevitable and therefore your brand’s reputation will depend on how you deal with it.

With more than 30 years of successful entrepreneurial leadership and management experience, Dan Ross is responsible for strategic direction and day-to-day global management at Promisec. Promisec is a pioneer in endpoint visibility and remediation, empowering ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/10/2014 | 10:17:31 AM
Begin with the end in mind
With the velocity of data breaches in the headlines these days, it's easy to get caught up in the whats, whys, wherefores and finger-pointing. But the bottom line is that when a company's data is breached, their reputation is on the line and it's in their best interest to be as transparent as possible with customers and the general public. Thanks for reminding us of that Dan, and for threading trust and reputation through the security needle. 
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-22
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
PUBLISHED: 2019-11-22
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users� information leakage.
PUBLISHED: 2019-11-22
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users� information leakage.
PUBLISHED: 2019-11-22
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
PUBLISHED: 2019-11-22
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks ag...