Cybersecurity is a top risk concern among retailers, according to a BDO study.
In its Retail Risk Factor Report, BDO cites cybersecurity along with general economic conditions as tied for the number-one risk concern mentioned in the most recent 10-Ks of the 100 largest U.S. retailers. A 10-K is the quarterly reports that public companies filed with the Securities and Exchange Commission. While general economic conditions remained the number-one risk for the last three years, 2016’s study is the first time cybersecurity shared the top spot. Cybersecurity as a risk ranked fourth in 2015 and eighth in 2014. And while it was cited by 100 percent of all respondents, it was noted by just 26 percent at the survey’s inception in 2007. The recent spate of retail breaches beginning in 2013 has raised awareness of the issue.
In the third spot was competition and consolidation in the retail sector. Other key concerns were natural disasters, terrorism and geopolitical events, U.S. and foreign supplier-vendor concerns and impediments to further U.S. expansion and growth.
Shahryar Shaghaghi, national leader of the technology advisory services practice group and head of international BDO cybersecurity, said, “The risk is expanding beyond and above just technology and in the context of EMV chip method of enhancing the authentication payment process. There are other risks that are engaged [such as when] retailers have relationships with third parties.”
Those third parties have access to information from the retailer’s network, such as the personal information of customers that are often considered confidential, he explained. How that information is protected and how a retailer manages that risk are issues that need to be addressed. He also said many companies haven’t even categorized different third-party relationships by risk level, a triaging of sorts, into low, medium and high. And for situations where information is present for divisions that are sold or no longer in operation, attention to how that information is protected or transferred needs to be considered in advance, Shaghaghi said.
The BDO findings from a separate study, the 2016 BDO Retail Compass Survey of CFOs, found that nearly seven in 10 retail chief financial officers said they expected cyber regulation to grow in 2016.
As for competition and consolidation, the RiskFactor study found that the recent wave of Chapter 11 bankruptcy filings have raised concerns in the industry, with 90 percent of retailers worried about impediments to growth and U.S. expansion this year.