Managing Growing Retail and Consumer Risk in Tandem with Increased Innovation and Cybersecurity

As digital transformation becomes a core part of overall strategy, retail and consumer products companies should prioritize threat-based cybersecurity. Threat-based cybersecurity is a forward-looking, predictive approach. Instead of (or in addition to) focusing solely on protecting critical data assets or following the basic script of a generic cyber program, threat-based cybersecurity concentrates on investments in the most likely risks and attack points based on an organization’s unique threat profile.

For example, this framework looks different for a pure play e-commerce entity than for a hybrid e-commerce or specialty retailer because the most likely attack vectors are different for each. Threat-based cybersecurity approaches go hand in hand with innovation, as security serves as the backbone to digital transformation—and can even be an innovation catalyst.

Protecting Data is Paramount in Achieving Personalized Shopping Objectives

Retail and consumer products companies have undergone major shifts worldwide due to capitalizing on consumer data as the first step to achieving personalized shopping. But cyber risks grow as data sharing increases. If organizations in the business are going to sustainably innovate around online shopping, they must be able to safely store and analyze consumer data. Implementing threat-based cybersecurity in conjunction with Payment Card Industry (PCI) standards will be their lifeline and offer them a competitive advantage.

Understanding the Requirements of PCI and the Cost of Compromised Data

There are multiple methods to secure information.  There are also mandated requirements for protecting information, such as the Payment Card Industry (PCI) framework. If your organization provides technology solutions or services to other organizations; executes transactions using credit card data (process, transmit, or store); or could affect the security of the data that is processed, transmitted or stored (i.e. service providers)—then you are required to comply with the PCI requirements to some level.

Organizations at Risk

  • Retail and consumer products organizations
  • Data centers
  • Software as a Service (SaaS) solutions
  • Infrastructure as a Service (IaaS) solutions
  • Hosting providers who offer managed/out-sourced services
  • eCommerce providers

Business Costs of Compromised Data

  • Fines as determined by the payment brands
  • Increased processing fees
  • Removal of your ability to accept payment cards
  • Legal costs and settlements
  • Loss of customer confidence in your organization

The world we live in requires cost-effective cyber risk management with a PCI component. Retail and consumer products companies should take a holistic approach—making good data security practices and protection part of their overall digital transformation strategy.

Implementing Threat-Based Cybersecurity Including PCI Standards

Is your data secure? Is your customers’ data secure? Ultimately, implementing a cost-effective cybersecurity framework includes careful consideration of your risk profile, understanding which digital assets are most critical to protect, and determining your resiliency when incidents do occur.

Once your organization has a better understanding of not just the cyber-attack threats you are encountering, but your email and network vulnerabilities, and the level of real cyber risk you are facing, you can then make an informed business investment decision to implement an appropriate threat-based cybersecurity risk management program that fits your respective security needs, schedule, and budget.


Contact Us


This article originally appeared on BDO USA, LLP’s “BDO Knows Alert: Retail (Managing Retail Risk) – October 2019
By: Natalie Kotlyar
Copyright © 2019 BDO USA, LLP.
All rights reserved.

Latest News

road with cars and sunset

IRS Increases Mileage Rate For Second Half of 2022

On June 9, the IRS released Announcement 2022-13, which modifies Notice 2022-3, by revising the optional standard mileage ...


New Schedules K-2 and K-3 for Passthrough Entity Tax Returns

At the tail end of 2021, the Internal Revenue Service (IRS) released new Schedules K-2 and K-3 effective ...

The Build Back Better Act – Update

This information is current as of Sunday, November 21, 2021. On Friday, November 19, 2021, after the Congressional ...

HM&M Updates

Pearl Balsara Breaks Attendance Record at Financial Planning Association of DFW Annual Conference

Last month, Senior Manager, Pearl Balsara was invited to speak at the 2023 FPA DFW Annual Conference in ...

HM&M Excellence Awards

We are pleased to announce the winners of the 2022 HM&M Excellence Awards. Ronna Beemer, Keith Phillips, and ...

HM&M Keep on Keepin’ on Awards

Huselton, Morgan and Maultsby is composed of a spectacular team of individuals. During our annual What’s Happening Meeting, ...

Payments Client Portal