Retail's Biggest Threat Isn't Shoplifting, It’s Cyber-Related Attacks

New Report Reveals: Identity Fraud and Authentication Breaches Costing Retailers Millions in Lost Revenue, Recovery Expenses, and Damaged Reputation

NEW YORK, NY – November 25, 2024 — With the 2024 holiday shopping season rapidly approaching, HYPR, the Identity Assurance company, is cautioning retailers about the devastating impact of identity-related breaches on holiday-sales, customer loyalty and long-term financial stability.

Based on a survey of nearly 400 IT security decision-makers and retail customers, HYPR’s latest spotlight report, 'The Unexpected Impact of Identity Security on Shopping Habits,' exposes a concerning gap in authentication practices and underscores the heightened awareness of security risks among today's consumers. The most ominous findings were that 58% of retail organizations experienced at least one authentication-related breach and 65% were victims of identity fraud over the last 12 months.

“This holiday season, retailers are facing a perfect storm of increased online traffic and heightened security risks. Our latest report reveals a critical need for stronger authentication measures to protect consumers and prevent breaches that can severely impact revenue and brand reputation,” said Bojan Simic, CEO and Co-founder of HYPR. “Retailers need to understand that security is no longer just an IT issue; it's a business imperative. Failing to protect customer data can have devastating consequences.”

HYPR-2024-Retail-Identity-Security-Infographic

The situation is dire: 89% of retailers surveyed by HYPR faced a cyberattack over the last 12 months, with more than eight in ten (83%) going on to suffer breaches. Even more alarming, these retailers experienced multiple breaches – three on average – highlighting the persistent and escalating nature of these threats. When unpacking the details of these breaches, results revealed:

  • 78% were breached via credential misuse or authentication vulnerabilities
  • Phishing as a means for credential misuse, continues to dominate as the leading attack vector with 35% falling victim, credential stuffing (26%) and identity impersonation (27%) remain in the top five
  • A third (32%) of retail organizations experienced ransomware
  • 41% did change their authentication methods following a breach

Lost Customers, Lost Revenue, The High Price of Insecurity

The constant barrage of cyberattacks is not only costly but also erodes consumer trust and jeopardizes bottom line performance. In fact, retailers have suffered losses of up to $6.27 million in the last year alone due to insecure authentication methods. An alarming amount given financial institutions reported $4.57 million during the same period.

But, in retail where consumer choice is abundant and switching costs are low, reputational damage is often the most impactful threat to company success. For example, 35% of the companies breached lost customers to a competitor and 25% suffered reputational damages. Customers are becoming more vocal in their demands for robust security measures, prioritizing retailers who can demonstrate a commitment to protecting their data and privacy. The majority (85%) are also pointing the finger at the Government, insisting that more regulations are needed to protect consumer data. In saying so:

  • 88% of customers demand retailers have strong security protocols to protect their personal information
  • Nearly all respondents were concerned with shopping online, listing credit card theft (88%) as their main concern, followed by identity theft (74%), and stolen login credentials (70%)
  • Regardless of age or demographic, 81% would cease shopping a retailer if they had a breach
  • When looking for strong protection measures, over three quarters of customers would choose a retailer that offers passkeys

About HYPR 

HYPR, the leader in passwordless identity assurance, delivers the industry's most comprehensive end-to-end identity security for your workforce and customers. By unifying phishing-resistant passwordless authentication, adaptive risk mitigation, and automated identity verification, HYPR ensures secure and seamless user experiences for everyone.

Trusted by organizations worldwide, including two of the four largest US banks, leading manufacturers, and critical infrastructure companies, HYPR secures some of the most complex and demanding environments globally.

Media
Fabienne Dawson
fabienne@hypr.com
917.374.6860

Related Content