The threat of cyber attacks is all too common. While retailers place extremely high priority on data security and invest tremendous resources to prevent attacks, cyber-criminals are persistent and their methods of attack are increasingly sophisticated. Enhanced security measures help to thwart attacks, but unfortunately some attacks have been successful and the resulting incidents can affect millions. Recent successful attacks against retailers, technology companies, utilities and even the most sophisticated government agencies have understandably focused public attention on cybersecurity and data privacy.
There are other important reasons behind recent attention to data privacy and security.
First is the volume of data available to organizations and individuals. It is said that more data will be generated in the next two years than was generated in the entire history of humankind. To retailers, access to such “big data,” and the analytics to interpret it, are essential to providing the tailored services that customers demand. Attention to the security and privacy of that data is understood to be important.
Second, seemingly everything, from refrigerators and TVs to wearable technology that monitors physical activity for health purposes, can now collect, store and transmit data. The internet-of-things, as it is often described, is likely only to expand and as it does, important decisions will have to be made about how to address privacy and security.
While the retail industry is certainly not alone in facing these strategic privacy questions, in many ways its cybersecurity-related challenges are unique.
Unlike attacks on non-consumer facing industries that seek proprietary corporate information, cyber attacks on retailers are aimed at sensitive consumer financial data that can be used for financial gain. The number of those potentially affected in a successful attack is staggeringly high. Such a breach can affect consumers’ faith in the system and can damage the relationship that all retailers seek to build with their customers.
Also, while retailers understand and manage their internal systems and security, they have little or no influence over the other players in the payments universe, specifically the card networks and banks. For years, retailers have tried without success to convince the banks and the card networks to adopt the 21st century fraud prevention technology in use around the world.
Collectively, we face many challenges, all of which require collaboration across the industry and with other stakeholders, including other industries and policymakers.
Yesterday, the RILA Board of Directors approved a comprehensive, collaborative and sustainable plan to address these challenges.
The RILA Cybersecurity and Data Privacy Initiative aims to:
- Enhance existing cybersecurity and privacy efforts
- Inform the public dialogue
- Build and maintain consumer trust
The industry is already going to great lengths to minimize risk and stay ahead of cyber criminals. But through collaboration, our ability to develop innovative solutions and anticipate threats will grow, enhancing our collective security and giving customers the service and peace of mind they deserve.