SecurityScorecard releases new research report finding over 90 percent of retailers missing PCI compliance mark

Security Ratings Leader Assesses Retail Industry Vulnerabilities and Points of Exposure 

SecurityScorecard, the leader in security ratings, today announced the release of the company’s newest annual research, The 2018 SecurityScorecard Retail Cybersecurity Report. SecurityScorecard analysed 1,444 domains in the retail industry with digital footprints of 100 or more IP addresses.

The report compares the average SecurityScorecard grade of the retail industry to other vertical markets, highlights the top retail domains and includes unique retail domain information, such as percentages of malware infection discovered, reported breach data, and compliance analysis.

“This year the retail industry’s security posture fell lower than in years past, both in application security and social engineering,” said Fouad Khalil, head of compliance at SecurityScorecard. “To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals. This report demonstrates the importance of understanding the full retail ecosystem and how the industry is faring when it comes to meeting standard compliance guidelines.”

Key Findings:

  • PCI Non-Compliance: Over 90 percent of the retail domains analysed indicated non-compliance with PCI DSS standards.
  • Retail Industry Neglects Application Security: Out of all of the industries monitored by SecurityScorecard, the retail sector scored second to last – a significant drop from 2017.
  • Social Engineering on the Rise: The retail industry ranks last in security measures against social engineering vulnerabilities, a drop from seventh place in last year’s report.
  • Point-In-Time Compliance Does Not Cut It: Periodic scans for issues and vulnerabilities are not as effective against attacks as real-time monitoring.

“As organisations assess their compliance with PCI DSS, they must be able to detect, remediate and recover from any threats or vulnerabilities adding risk to unauthorised access to CDE,” continued Khalil.

SecurityScorecard continually monitors more than 200,000 businesses across the world and rates them on an easy-to-understand A-F scale. Companies with a C, D, or F rating are 5.4 times more likely to be breached than companies with an A or B rating.

Get your Instant SecurityScorecard to discover how hackers, partners and customers see your organisation.