Significant exposure

Retailers are prime targets for cyber criminals because they transmit and store large amounts of consumer and employee information, including credit card data. Point-of-sale systems are an easy entry point, especially if point-to-point encryption is not implemented properly. Once such a breach occurs, compulsory data breach notification laws will ensure that the public knows about the event, posing a significant risk to the retailer’s reputation and brand.

Payment Card Industry (PCI)

Commerce without credit and debit card payments is unimaginable. Whether at the point-of-sale, online, or through a call center, the retail industry processes a staggering volume of credit card transactions. A breach of credit card information, which the card brands frequently detect before the organization even suspects any foul play, can result in fines, penalties, mandated computer forensic costs, legal fees, and worst of all, the inability to process payments.

Class action lawsuits

The publicity and customer dissatisfaction that surround a cyber breach have spurred a wave of class action complaints against retailers big and small. Enterprising plaintiffs’ lawyers relying on a variety of privacy laws have filed complaints seeking billions of dollars in damages. The risk of crippling damages, and the sizeable costs of litigation, often push organizations to settle even in the absence of any clear harm to the plaintiffs.

Regulatory investigations and penalties

State and federal regulators have made it clear that a significant breach of customer information will result in monetary penalties, onerous corrective action plans, and ongoing audits. Whether from the Federal Trade Commission or state attorneys general, the regulatory landscape for retailers carries an immense amount of risk.