Research: 31 Percent of Retail, Restaurant and Hospitality Companies Have Experienced Data Breach

  • Nov 15, 2021

New data released by Cornell University’s Center for Hospitality Research and FreedomPay, a global leader in data-driven commerce, reveals that while nearly all (96%) surveyed retail, restaurant and hospitality stakeholders are confident in their companies’ internal risk assessment processes, their satisfaction (95%) in the security of their systems is misaligned with reality, as one-third of companies (31%) have experienced a data breach in their company's history. Of companies that have been breached, 89% have been hit more than once in a year, and 69% of retail businesses have been breached upwards of three times in a year.

Check Please! How Restaurant, Retail and Hospitality Businesses are Managing Cybersecurity Risks – a joint study between Cornell and FreedomPay – is based on a new survey of small, medium, and large-size enterprises across the hospitality, retail, and food and beverage sectors.

“Especially over the past two years, cybersecurity has been top of mind for businesses as we navigate a highly complex eCommerce network,” said Chris Kronenthal, President of FreedomPay. “Retailers and hospitality businesses increasingly view their payments systems as more than transaction processing – they are important sources of data and customer insights. Merchants and consumers alike need the assurance that this data is being protected and managed properly.”

"These findings provide a baseline understanding of how key decision-makers are handling cybersecurity issues and offer key insights for optimizing and fortifying systems as we continue down this path of accelerated digital transformation," said Professor Linda Canina, the Dr. Michael Dang Director of the Center for Hospitality Research at the Cornell Peter and Stephanie Nolan School of Hotel Administration.

With new cyber threats emerging daily both internally and externally, business leaders are juggling a full slate of concerns and challenges. Threats such as payment integrity (59%) and malware (58%) are the most cited concerns, with risk management (57%) cited as the biggest challenge leaders say their systems face. Companies also fear internal threats, with hospitality companies most frequently citing human error (86%) and lack of employee education (81%) as negatively impacting cybersecurity systems.

Businesses’ best efforts to protect themselves and customers are spurring growing complexity and system proliferation. The findings revealed three-quarters (74%) of companies use more than one cybersecurity system. Medium merchants (80%) are significantly more likely than small merchants (67%) to use more than one system. More than half of companies (56%) have many cybersecurity systems in many locations. Overall, companies are split on whether systems are governed by a single department (51%) or multiple (49%). Small merchants (57%) are significantly more likely to keep governance to one department, while large merchants (63%) are significantly more likely to have multiple departments involved.

Businesses are challenged to balance security with customer preferences, with many implementing heightened cybersecurity measures to make their customers feel more secured and reassured when making a purchase. The study found that 91% of companies believe their customers deeply care about cybersecurity while 86% believe it increases customer loyalty. Yet, companies acknowledge the inherent tradeoffs – namely, two-thirds (65%) of leaders believe that customers are annoyed by extra security measures, and they want systems to be easy to use (67%).

Budgetary concerns may also play a factor in determining any potential system enhancements – among the few (15%) that currently do not have plans to enhance their system, they are most likely to cite preventative costs (61%) and an unwillingness to have a disruption in service (52%).

Despite these roadblocks, companies have said they are increasing or have increased their IT budgets, calling out the COVID-19 pandemic and technology as driving forces. Other notable findings include:

  • In The Dark: More than one-third (35%) of surveyed leaders do not know how much of their company’s budget is spent on cybersecurity.
  • Bicameral Opinion: While 91% of respondents agree that their customers do care about cybersecurity, 48% also believe their customers do not care about cybersecurity.
  • Inaction: Nearly all (96%) companies say they value the importance of security systems to protect their data, and 85% agree that their customers would be more satisfied if they had extra security measures in place. Yet, half (50%) have either not increased their IT security budget or decreased their budget since 2019.
  • Show Me The Money: Still, companies are divided on what precautions and guidance are worth the cost. Four-fifths (83%) of companies who do use a third-party to manage and secure information say this option is “more cost-effective” for their business, while half (51%) of companies who do not use a third-party supplier cite it as being “more costly” than their current process.
  • Checking The Box? Almost all merchants (91%) are very or extremely confident that their company adequately trains end-users, relying on conferences and seminars (71%) to keep them trained and engaged. Notably, small (92%) and medium (95%) merchants are significantly more confident than their large (79%) counterparts, where the most common form of end-user engagement comes from training videos (82%).
  • Looking for a Leader: A majority of companies (87%) say they would welcome involvement from the U.S. government to fight cybersecurity threats as well as enhance policy (84%). Large merchants (threats-76%, policy-74%) and retail companies (threats-81%, policy-75%) are significantly less likely to want the U.S. government involved.

Featured

  • Hot AI Chatbot DeepSeek Comes Loaded With Privacy, Data Security Concerns

    In the artificial intelligence race powered by American companies like OpenAI and Google, a new Chinese rival is upending the market—even with the possible privacy and data security issues. Read Now

  • Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

    Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025. In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis. Read Now

  • Human Risk Management: A Silver Bullet for Effective Security Awareness Training

    You would think in a world where cybersecurity breaches are frequently in the news, that it wouldn’t require much to convince CEOs and C-suite leaders of the value and importance of security awareness training (SAT). Unfortunately, that’s not always the case. Read Now

  • Windsor Port Authority Strengthens U.S.-Canada Border Waterway Safety, Security

    Windsor Port Authority, one of just 17 national ports created by the 1999 Canada Marine Act, has enhanced waterway safety and security across its jurisdiction on the U.S.-Canada border with state-of-the-art cameras from Axis Communications. These cameras, combined with radar solutions from Accipiter Radar Technologies Inc., provide the port with the visibility needed to prevent collisions, better detect illegal activity, and save lives along the river. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.