A new report by Capgemini's Digital Transformation Institute has revealed that cybersecurity is a new source of competitive advantage for retailers.
It calls for more organisations to align cybersecurity policies with customer expectations in order to take advantage of this opportunity. The report, Cybersecurity: The New Source of Competitive Advantage for Retailers demonstrates that consumers are increasingly aware of security breaches in retail and are willing to spend more with retailers who demonstrate robust cybersecurity capabilities. Based on average annual consumer spending, this equates to a potential annual revenue uplift of 5.4%.
The new report, which surveyed over 6,000 consumers and 200 retail executives found that 77% of consumers ranked cybersecurity as the third most important factor when selecting retailers, behind product availability and quality, and above traditional factors including pricing and brand reputation. Strong cybersecurity measures increase customer satisfaction by 13%; while 40% of consumers would be willing to increase their online spend by at least 20% more with retailers they trust. The report revealed that retailers who are able to adopt advanced cybersecurity measures could drive a 5.4% uplift in annual revenue.
However, the report identified a disconnect between the assurances consumers want and what retailers are doing. Seventy percent of consumers want to be assured that their financial and personal information is safe yet only 44% of retailers are actively informing them. Retailers are also not adequately informing their customers of data breaches. Forty percent of retailers said they experienced a data breach over the past three years (2015-2017 inclusive) and had customer financial or personal data compromised, yet only 21% of consumers say that they heard their primary retailer's name mentioned with a data breach.
"Today's consumers are confident online shoppers and savvy about their consumer rights. They value cybersecurity highly and they want to shop with retailers they can trust" says Geert van der Linden, Cybersecurity Business Lead, Capgemini's cybersecurity practice. "It's the right time for retailers to consider cybersecurity as a business priority at executive leadership level".
"Cybersecurity represents a lucrative opportunity for retailers to improve customer satisfaction and drive higher online spending" said Tim Bridges, Global Sector Lead, Consumer Products, Retail & Distribution at Capgemini. "Only retailers who are able to effectively align their cybersecurity measures with customer expectations will be able to impact top-line revenue."
The report includes a series of practical recommendations, based on the findings of the survey, to help retail leaders to address the increasing incidents of cyberattacks in retail, along with the growing demand from customers for greater transparency,
Priority 1 – Work to understand customers' expectations and ensure the required features are fully implemented
Priority 2 – Ensure cyber-defense systems are one-step ahead of hackers
The report reveals that inclusion of new technologies, weak segregation of duties, and outdated architecture are the top three vulnerabilities that have been exploited by hackers during retail breaches in the last three years. Yet less than half of the retailers perform security audits on a daily or weekly basis. To stay ahead of hackers, the report highlights that it is important for retailers to:
- Understand the organisation's vulnerabilities and reinforce them
- Identify the biggest threats and adopt best practices to detect them
- Involve top management to ensure adequate investment for the key security initiatives
- Develop a solid incident response plan to prevent customer churn
Priority 3 – Position themselves as the safe custodian of customer data
The report reveals a strong disconnect between consumers and retailers on whether explicit permission for storing and using data is taken. Nearly a third (29%) of consumers say their primary retailer does not communicate changes in data privacy to them. As the GDPR deadline looms ever closer, it is imperative that retailers devise strategies to mitigate this disconnect and assure consumer's that their data is safe. Currently, only 40-60% of retailers have fully implemented certain components of the GDPR requirements.
Capgemini surveyed 206 executives at the director level or above, with 71% of the executives in retail companies with reported revenues of more than $1 billion in FY 2016. Capgemini also surveyed 6,120 consumers aged 18+. Both surveys took place from January to February 2018, and covered nine countries–France, Germany, India, Italy, the Netherlands, Spain, Sweden, the United Kingdom, and the United States.
 Figure 20 of Capgemini Cybersecurity: The New Source of Competitive Advantage for Retailers report