Research: 31 Percent of Retail, Restaurant and Hospitality Companies Have Experienced Data Breach

  • Nov 15, 2021

New data released by Cornell University’s Center for Hospitality Research and FreedomPay, a global leader in data-driven commerce, reveals that while nearly all (96%) surveyed retail, restaurant and hospitality stakeholders are confident in their companies’ internal risk assessment processes, their satisfaction (95%) in the security of their systems is misaligned with reality, as one-third of companies (31%) have experienced a data breach in their company's history. Of companies that have been breached, 89% have been hit more than once in a year, and 69% of retail businesses have been breached upwards of three times in a year.

Check Please! How Restaurant, Retail and Hospitality Businesses are Managing Cybersecurity Risks – a joint study between Cornell and FreedomPay – is based on a new survey of small, medium, and large-size enterprises across the hospitality, retail, and food and beverage sectors.

“Especially over the past two years, cybersecurity has been top of mind for businesses as we navigate a highly complex eCommerce network,” said Chris Kronenthal, President of FreedomPay. “Retailers and hospitality businesses increasingly view their payments systems as more than transaction processing – they are important sources of data and customer insights. Merchants and consumers alike need the assurance that this data is being protected and managed properly.”

"These findings provide a baseline understanding of how key decision-makers are handling cybersecurity issues and offer key insights for optimizing and fortifying systems as we continue down this path of accelerated digital transformation," said Professor Linda Canina, the Dr. Michael Dang Director of the Center for Hospitality Research at the Cornell Peter and Stephanie Nolan School of Hotel Administration.

With new cyber threats emerging daily both internally and externally, business leaders are juggling a full slate of concerns and challenges. Threats such as payment integrity (59%) and malware (58%) are the most cited concerns, with risk management (57%) cited as the biggest challenge leaders say their systems face. Companies also fear internal threats, with hospitality companies most frequently citing human error (86%) and lack of employee education (81%) as negatively impacting cybersecurity systems.

Businesses’ best efforts to protect themselves and customers are spurring growing complexity and system proliferation. The findings revealed three-quarters (74%) of companies use more than one cybersecurity system. Medium merchants (80%) are significantly more likely than small merchants (67%) to use more than one system. More than half of companies (56%) have many cybersecurity systems in many locations. Overall, companies are split on whether systems are governed by a single department (51%) or multiple (49%). Small merchants (57%) are significantly more likely to keep governance to one department, while large merchants (63%) are significantly more likely to have multiple departments involved.

Businesses are challenged to balance security with customer preferences, with many implementing heightened cybersecurity measures to make their customers feel more secured and reassured when making a purchase. The study found that 91% of companies believe their customers deeply care about cybersecurity while 86% believe it increases customer loyalty. Yet, companies acknowledge the inherent tradeoffs – namely, two-thirds (65%) of leaders believe that customers are annoyed by extra security measures, and they want systems to be easy to use (67%).

Budgetary concerns may also play a factor in determining any potential system enhancements – among the few (15%) that currently do not have plans to enhance their system, they are most likely to cite preventative costs (61%) and an unwillingness to have a disruption in service (52%).

Despite these roadblocks, companies have said they are increasing or have increased their IT budgets, calling out the COVID-19 pandemic and technology as driving forces. Other notable findings include:

  • In The Dark: More than one-third (35%) of surveyed leaders do not know how much of their company’s budget is spent on cybersecurity.
  • Bicameral Opinion: While 91% of respondents agree that their customers do care about cybersecurity, 48% also believe their customers do not care about cybersecurity.
  • Inaction: Nearly all (96%) companies say they value the importance of security systems to protect their data, and 85% agree that their customers would be more satisfied if they had extra security measures in place. Yet, half (50%) have either not increased their IT security budget or decreased their budget since 2019.
  • Show Me The Money: Still, companies are divided on what precautions and guidance are worth the cost. Four-fifths (83%) of companies who do use a third-party to manage and secure information say this option is “more cost-effective” for their business, while half (51%) of companies who do not use a third-party supplier cite it as being “more costly” than their current process.
  • Checking The Box? Almost all merchants (91%) are very or extremely confident that their company adequately trains end-users, relying on conferences and seminars (71%) to keep them trained and engaged. Notably, small (92%) and medium (95%) merchants are significantly more confident than their large (79%) counterparts, where the most common form of end-user engagement comes from training videos (82%).
  • Looking for a Leader: A majority of companies (87%) say they would welcome involvement from the U.S. government to fight cybersecurity threats as well as enhance policy (84%). Large merchants (threats-76%, policy-74%) and retail companies (threats-81%, policy-75%) are significantly less likely to want the U.S. government involved.

Featured

  • Bringing New Goods to Market

    The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 3 Recap

    And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 2 Recap

    Day 2 was another winner at GSX 2024 in Orlando. Aisles and booths were packed with attendees looking at some of the new and latest security technology. Remember to follow the GSX Live page from Security Today, as well as SecurToday on X and Security Today on LinkedIn to find out more about what’s happening on the show floor during tomorrow’s final day. Here’s what was happening with all four of our partners during the event on Tuesday. Read Now

    • Industry Events
    • GSX

  • How Much Carbon is Your Footprint Leaving?

    A more sustainable future is not only shared responsibility, it is increasingly critical. Securitas, is inviting clients and industry partners to make a difference in an ever-evolving world that faces diverse sustainability challenges. Read Now

    • Industry Events
    • GSX
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3