Managing Growing Retail and Consumer Risk in Tandem with Increased Innovation and Cybersecurity

As digital transformation becomes a core part of overall strategy, retail and consumer products companies should prioritize threat-based cybersecurity. Threat-based cybersecurity is a forward-looking, predictive approach. Instead of (or in addition to) focusing solely on protecting critical data assets or following the basic script of a generic cyber program, threat-based cybersecurity concentrates on investments in the most likely risks and attack points based on an organization’s unique threat profile.

For example, this framework looks different for a pure play e-commerce entity than for a hybrid e-commerce or specialty retailer because the most likely attack vectors are different for each. Threat-based cybersecurity approaches go hand in hand with innovation, as security serves as the backbone to digital transformation—and can even be an innovation catalyst.

Protecting Data is Paramount in Achieving Personalized Shopping Objectives

Retail and consumer products companies worldwide have undergone major shifts as they capitalize on consumer data as the first step toward personalized shopping. But cyber risks grow as data sharing increases. If organizations in the sector are going to innovate sustainably around online shopping, they must be able to store and analyze consumer data safely. Implementing threat-based cybersecurity in conjunction with Payment Card Industry (PCI) standards will be their lifeline and offer them a competitive advantage.

Understanding the Requirements of PCI and the Cost of Compromised Data

There are multiple methods to secure information. There are also mandated requirements for protecting information, such as the Payment Card Industry (PCI) framework. If your organization provides technology solutions or services to other organizations; executes transactions using credit card data (processing, transmitting, or storing it); or could affect the security of data that is processed, transmitted, or stored (i.e., service providers), then you are required to comply with the PCI requirements at some level.

Organizations at Risk

  • Retail and consumer products organizations
  • Data centers
  • Software as a Service (SaaS) solutions
  • Infrastructure as a Service (IaaS) solutions
  • Hosting providers who offer managed/outsourced services
  • eCommerce providers

Business Costs of Compromised Data

  • Fines as determined by the payment brands
  • Increased processing fees
  • Removal of your ability to accept payment cards
  • Legal costs and settlements
  • Loss of customer confidence in your organization

The world we live in requires cost-effective cyber risk management with a PCI component. Retail and consumer products companies should take a holistic approach—making good data security practices and protection part of their overall digital transformation strategy.

Implementing Threat-Based Cybersecurity Including PCI Standards

Is your data secure? Is your customers’ data secure? Ultimately, implementing a cost-effective cybersecurity framework includes careful consideration of your risk profile, understanding which digital assets are most critical to protect, and determining your resiliency when incidents do occur.

Once your organization better understands not just the cyber-attack threats it is encountering but also its email and network vulnerabilities and the level of real cyber risk it faces, you can make an informed business investment decision to implement an appropriate threat-based cybersecurity risk management program that fits your security needs, schedule, and budget.




This article originally appeared on BDO USA, LLP’s “BDO Knows Alert: Retail (Managing Retail Risk) – October 2019”
By: Natalie Kotlyar
Copyright © 2019 BDO USA, LLP.
All rights reserved.
