Near half, 48 per cent, of e-commerce/online retail businesses and 41 per cent of financial services organisations have reported losing some type of finance-related information to cybercriminal activities within a 12 month period. That is according to a Kaspersky Lab survey of IT people worldwide.
This survey also, surprisingly the iT security product firm says, found that the e-commerce/online retailer business segment is the least likely to deploy and update specialised anti-fraud measures to protect financial transactions.
Attitudes
The e-commerce/online retail and financial services business sectors both depend on their abilities to receive, process and store sensitive financial information from customers. Through a combination of targeted attacks, application vulnerabilities and other forms of cyberattacks, almost half of businesses in both sectors will lose some of this information over a year. Such a loss can not only damage the reputations of these businesses, which are highly dependent on trust, but can also trigger costly legal penalties, removal and clean-up costs. But while these two segments share these similarities, their attitudes towards security technology are markedly different, the firm says.
Only 53 per cent of the e-commerce/online retail segment indicated that they “make every effort to keep anti-fraud measures up to date,” which is ten per cent lower than the overall global average, and the lowest overall of any business segment. Since the entire business model of online merchants is based on online and electronic payment processing, this reluctance to invest in anti-fraud measures seems highly counter-intuitive.
The financial services segment takes a more positive and proactive approach towards securing their financial data. When asked if they “make every effort to keep anti-fraud measures up to date,” 64 per cent of finacial services providers agreed, a response rate tied for highest across all segments. This enthusiastic response is the complete opposite of the attitudes in the e-commerce/online retail segment. Additionally, 52 per cent of the financial services segment reported a desire to implement new technologies to protect financial transactions, compared to 46 per cent of the e-commerce/online retail segment.
Changes
The survey asked businesses that experienced a serious data loss incident about steps taken afterwards to protect their customers and despite their differing attitudes, both the e-commerce/online retail and financial services sectors took similar steps to implement additional protections. The most common measure implemented was “providing secure connections for customer transactions,” which was done by 88 per cent of financial services organisations and 78 per cent of e-commerce/online retailers. Financial service providers are more focused on providing specialised solutions for mobile devices than e-commerce/online retailers (75 per cent vs. 56 per cent, respectively), which means mobile payment security for online merchants may be a future area of concern.
In general, the least common step taken by both financial service providers and e-commerce/online retailers following a data breach was to provide free or discounted versions of premium internet security software to their customers. It would appear that both sectors are more willing to invest in securing their own systems, rather than investing in securing their customers’ systems.
Lastly, despite the relatively high adoption rates of specialised fraud protection for endpoints after a data breach – 71 per cent for financial services and 62 per cent for e-commerce/online retailers – the flip-side of those numbers is noteworthy. These numbers show that approximately one-third of companies in both sectors are still not investing in financial security software, even after financial information is stolen from them in a data breach incident. Visit www.kaspersky.com.
