Cyber Risks

Data Breaches Within the Retail and Hospitality Industries

Ryan Heitsmith | November 28, 2017

The holiday season is upon us, with consumers hastily laying travel plans between time spent browsing for gifts for loved ones. During this season, a few also remember that major retail breaches have long-lasting and far-reaching effects, with settlements dragging on for years and occasionally costing companies up to billions of dollars.

More recently, the public has become acquainted with point of sale (POS) breaches impacting large hotel and restaurant chains, sometimes compromising millions of consumer payment cards. Risking accusations of grinchlike behavior, BitSight researchers turned a discerning eye on the Retail and Hospitality industries to gain an understanding of their security performance.


Figure 1

Figure 1 displays the number of breaches that BitSight has categorized from month to month within the Retail and Hospitality industries between 2015 and 2016. For ease of comparison we have highlighted November and December in each year. It is readily apparent that both industries exhibit a sporadic breach pattern with spikes and lulls at particular points throughout the year. Retail experiences fewer incidents than Hospitality (with a few months standing out as exceptions). What is particularly surprising is that both industries show a slight decline in security events during the holidays. It is possible that controls and security practices are stepped up as the holidays approach, or that companies are simply too busy during this season to report breaches as they occur (this might also explain spikes early in the year).


Figure 2

BitSight’s examination of Retail and Hospitality also revealed significant differences in the breach types experienced by companies in each industry. Figure 2 shows that the Hospitality industry outpaced Retail in the percentage of breaches flagged as point of sale (POS) attacks while lagging slightly behind in all other categories. Both industries are commonly regarded as ripe targets for POS attacks due to the large number of brick-and-mortar locations with exploitable payment terminals. However, Retail saw a more uniform distribution of breach types, with the exception of Web Application Compromise, which makes up over 25% of the incidents observed. Hospitality companies would do well to take specific actions to address their risk of POS attack, such as monitoring endpoint security and ensuring data is safe behind properly configured firewalls.

The holidays result in increased revenue for large retailers and hotel chains. This increase in business can tempt attackers, and it is important for businesses in all industries to proactively mitigate risk to avoid making next year’s holiday breach report.
