naughty or nice: the holidays put security practices of merchants to the test
52% 45%
What about Compliance with Payment Card Industry Security Standards (PCI)10?
YEAR OVER YEAR IMPROVEMENTS BUT...
$616.9 Billion Total Sales
4.1% Sales Increase Over 2013
8-11% Online Sales Growth
$400 Million Spent Mobile & Tablet4
18% Increase on Desktop Computers3
73.7% PAY WITH PLASTIC
26.9% Increase from last year
Would Consumers Shop at a Store after a Breach?
FULL COMPLIANCE WITH ALL 12 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS
2012 = 7.5% 2013 = 11.1%
ORGANIZATIONS SUFFERING
BREACHES WERE COMPLIANT
WITH REQUIREMENT 11
13.2%
SOURCES
1: https://nrf.com/media/press-releases/optimism-shines-national-retail-federation-forecasts-holiday-sales-increase-41 and https://www.comscore.com/Insights/Press-Releases/2014/1/2013-Holiday-Season-US-Desktop-ECommerce-Spending-Reaches-Record-465-Billion-Up-10-Percent-vs-Year-Ago
2: http://www-01.ibm.com/software/marketing-solutions/benchmark-reports/black-friday-report-2013.pdf and http://www-01.ibm.com/software/marketing-solutions/benchmark-reports/benchmark-2013-cyber-monday.pdf
3: https://www.comscore.com/Insights/Press-Releases/2014/1/2013-Holiday-Season-US-Desktop-ECommerce-Spending-Reaches-Record-465-Billion-Up-10-Percent-vs-Year-Ago
4: http://www.juniperresearch.com/viewpressrelease.php?pr=419
5: http://useconomy.about.com/od/demand/f/Black_Friday.htm
6: http://www.creditcards.com/credit-card-news/shopping-after-breach.php
7: http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html (11/3/14)
8: Ponemon Institute, 2014 Cost of Data Breach Study: United States, page: 2
9: PWC, Global State of Information Security Survey 2015, page 10
10: http://www.nytimes.com/2014/08/06/business/target-puts-data-breach-costs-at-148-million.html
11: http://www.bizjournals.com/twincities/news/2014/01/31/targets-breach-costs-billion-dollars.html?page=all
12: http://www.pwc.com/gx/en/consulting-services/information-security-survey/key-findings.jhtml
13: Verizon 2014 PCI Compliance Report, pages: 14, 39
IT & INFOSEC TEAMS GET BUSY
Catching up on time-consuming system updates and patching projects, getting ready for compliance audits, and resolving to do better in 2015
Tenable Network Security® provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. tenable.com/2015-resolutions
AND MORE COSTLY... $246
PER COMPROMISED
RECORD8
AVERAGE FINANCIAL LOSS FROM CYBERCRIME9
2013 = $3.9 Million
2014 = $5.9 Million
What is the Cost of a Breach?10 What About Fraud Penalties?11
$148 Million
$240 Million $2+ Billion
Target
Banking Banking
$1+ Billion Target
2013 = $4.3 MILLION 2014 = $4.1 MILLION
By Spending Less on Security?!
ARE THE SECURITY PRACTICES OF RETAILERS NAUGHTY OR NICE THIS HOLIDAY SEASON?
© 2014 Tenable Network Security® All Rights Reserved