Managing Growing Retail and Consumer Risk in Tandem with Increased Innovation and Cybersecurity

As digital transformation becomes a core part of overall strategy, retail and consumer products companies should prioritize threat-based cybersecurity. Threat-based cybersecurity is a forward-looking, predictive approach. Instead of (or in addition to) focusing solely on protecting critical data assets or following the basic script of a generic cyber program, threat-based cybersecurity concentrates on investments in the most likely risks and attack points based on an organization’s unique threat profile.

For example, this framework looks different for a pure play e-commerce entity than for a hybrid e-commerce or specialty retailer because the most likely attack vectors are different for each. Threat-based cybersecurity approaches go hand in hand with innovation, as security serves as the backbone to digital transformation—and can even be an innovation catalyst.

Protecting Data is Paramount in Achieving Personalized Shopping Objectives

Retail and consumer products companies have undergone major shifts worldwide due to capitalizing on consumer data as the first step to achieving personalized shopping. But cyber risks grow as data sharing increases. If organizations in the business are going to sustainably innovate around online shopping, they must be able to safely store and analyze consumer data. Implementing threat-based cybersecurity in conjunction with Payment Card Industry (PCI) standards will be their lifeline and offer them a competitive advantage.

Understanding the Requirements of PCI and the Cost of Compromised Data

There are multiple methods to secure information.  There are also mandated requirements for protecting information, such as the Payment Card Industry (PCI) framework. If your organization provides technology solutions or services to other organizations; executes transactions using credit card data (process, transmit, or store); or could affect the security of the data that is processed, transmitted or stored (i.e. service providers)—then you are required to comply with the PCI requirements to some level.

Organizations at Risk

  • Retail and consumer products organizations
  • Data centers
  • Software as a Service (SaaS) solutions
  • Infrastructure as a Service (IaaS) solutions
  • Hosting providers who offer managed/out-sourced services
  • eCommerce providers

Business Costs of Compromised Data

  • Fines as determined by the payment brands
  • Increased processing fees
  • Removal of your ability to accept payment cards
  • Legal costs and settlements
  • Loss of customer confidence in your organization

The world we live in requires cost-effective cyber risk management with a PCI component. Retail and consumer products companies should take a holistic approach—making good data security practices and protection part of their overall digital transformation strategy.

Implementing Threat-Based Cybersecurity Including PCI Standards

Is your data secure? Is your customers’ data secure? Ultimately, implementing a cost-effective cybersecurity framework includes careful consideration of your risk profile, understanding which digital assets are most critical to protect, and determining your resiliency when incidents do occur.

Once your organization has a better understanding of not just the cyber-attack threats you are encountering, but your email and network vulnerabilities, and the level of real cyber risk you are facing, you can then make an informed business investment decision to implement an appropriate threat-based cybersecurity risk management program that fits your respective security needs, schedule, and budget.


Contact Us


This article originally appeared on BDO USA, LLP’s “BDO Knows Alert: Retail (Managing Retail Risk) – October 2019
By: Natalie Kotlyar
Copyright © 2019 BDO USA, LLP.
All rights reserved.

Latest News

Recently-Enacted SECURE Act Makes Far-Reaching Changes to Inherited IRAs

HM&M Recommends that You Take Immediate Actions   Overview The Setting Every Community Up for Retirement Enhancement Act ...

Highlights of Spending Package’s Tax Law Changes

2019 Tax Law Change Update Highlights of spending package’s tax law changes The federal government spending package titled ...

person looking at map for guidance

The IRS Issues More Guidance On The New Section 199A Pass-Through Deduction

In the late afternoon on Friday, January 18, 2019, the IRS issued in rapid-fire succession four documents concerning ...

HM&M Updates

Randy Garcia Named Shareholder

HM&M is pleased to announce Randy Garcia was named Shareholder of the firm effective January 1, 2020.  Thank ...

Anat Borodyansky Named Shareholder

HM&M is pleased to announce Anat Borodyansky was named Shareholder of the firm effective January 1, 2020.  Thank ...

Michelle Boozer Named Shareholder

HM&M is pleased to announce Michelle Boozer was named Shareholder of the firm effective January 1, 2020.  Thank ...