Between the holiday shopping season now being in full swing and the growing number of retailers hit with data breaches Tripwire was surprised that a recent survey it conducted found a large percentage of retailers still had no data breach response plan in place.
However, overall the retailers questioned had increased their ability to handle a cybersecurity problem and protect customer information.
The survey of 103 retailer IT security staffers found that only 28 percent had a fully tested, 51 percent had a plan but it was untested and 21 percent reported that their organization did not even have a plan.
“Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” said Tim Erlin, Tripwire's vice president of product management and strategy.
On the bright side 79 percent reported that if a breach took place they did have the ability to warn customers of the problems within 72 hours, as required by the GDPR. Only 3 percent said they would not be able to notify customers at all.
There was other good news, 51 percent of the retailers would characterize their ability to protect customer data as good with another 19 percent rating themselves excellent at this task. Twenty-one percent said they were adequate while 9 percent considered their ability inadequate.
More than half, 57 percent, said that in the last 18 months their company had increased its ability to detect and respond to a security breach and 79 percent would characterize their ability to locate their customer data as at least good.
One area that the respondents felt still needs improvement was funding. Only 36 percent said their security budget had increase with another 53 percent saying it had, but only marginally. Eleven percent reported a significant increase in funding.