Despite High Confidence in Their Risk Assessment Capabilities, Study Finds a Third of Companies Have Been Breached, and 89% Have Been Hit Multiple Times
PHILADELPHIA, PA November 11th, 2021 – New data released today by Cornell University’s Center for Hospitality Research and FreedomPay, a global leader in data-driven commerce, reveals that while nearly all (96%) surveyed retail, restaurant and hospitality stakeholders are confident in their companies’ internal risk assessment processes, their satisfaction (95%) in the security of their systems is misaligned with reality, as one-third of companies (31%) have experienced a data breach in their company’s history. Of companies that have been breached, 89% have been hit more than once in a year, and 69% of retail businesses have been breached upwards of three times in a year.
Check Please! How Restaurant, Retail and Hospitality Businesses are Managing Cybersecurity Risks – a joint study between Cornell and FreedomPay – is based on a new survey of small, medium, and large-size enterprises across the hospitality, retail, and food and beverage sectors.
“Especially over the past two years, cybersecurity has been top of mind for businesses as we navigate a highly complex eCommerce network,” said Chris Kronenthal, President of FreedomPay. “Retailers and hospitality businesses increasingly view their payments systems as more than transaction processing – they are important sources of data and customer insights. Merchants and consumers alike need the assurance that this data is being protected and managed properly.”
“These findings provide a baseline understanding of how key decision-makers are handling cybersecurity issues and offer key insights for optimizing and fortifying systems as we continue down this path of accelerated digital transformation,” said Professor Linda Canina, the Dr. Michael Dang Director of the Center for Hospitality Research at the Cornell Peter and Stephanie Nolan School of Hotel Administration.
Threats Are Rising, Complexity Abounds
With new cyber threats emerging daily both internally and externally, business leaders are juggling a full slate of concerns and challenges. Threats such as payment integrity (59%) and malware (58%) are the most cited concerns, with risk management (57%) cited as the biggest challenge leaders say their systems face. Companies also fear internal threats, with hospitality companies most frequently citing human error (86%) and lack of employee education (81%) as negatively impacting cybersecurity systems.
Businesses’ best efforts to protect themselves and customers are spurring growing complexity and system proliferation. The findings revealed three-quarters (74%) of companies use more than one cybersecurity system. Medium merchants (80%) are significantly more likely than small merchants (67%) to use more than one system. More than half of companies (56%) have many cybersecurity systems in many locations. Overall, companies are split on whether systems are governed by a single department (51%) or multiple (49%). Small merchants (57%) are significantly more likely to keep governance to one department, while large merchants (63%) are significantly more likely to have multiple departments involved.
Roadblocks Remain
Businesses are challenged to balance security with customer preferences, with many implementing heightened cybersecurity measures to make their customers feel more secured and reassured when making a purchase. The study found that 91% of companies believe their customers deeply care about cybersecurity while 86% believe it increases customer loyalty. Yet, companies acknowledge the inherent tradeoffs – namely, two-thirds (65%) of leaders believe that customers are annoyed by extra security measures, and they want systems to be easy to use (67%).
Budgetary concerns may also play a factor in determining any potential system enhancements – among the few (15%) that currently do not have plans to enhance their system, they are most likely to cite preventative costs (61%) and an unwillingness to have a disruption in service (52%).
Despite these roadblocks, companies have said they are increasing or have increased their IT budgets, calling out the COVID-19 pandemic and technology as driving forces. Other notable findings include:
- In The Dark: More than one-third (35%) of surveyed leaders do not know how much of their company’s budget is spent on cybersecurity.
- Bicameral Opinion: While 91% of respondents agree that their customers do care about cybersecurity, 48% also believe their customers do not care about cybersecurity.
- Inaction: Nearly all (96%) companies say they value the importance of security systems to protect their data, and 85% agree that their customers would be more satisfied if they had extra security measures in place. Yet, half (50%) have either not increased their IT security budget or decreased their budget since 2019.
- Show Me The Money: Still, companies are divided on what precautions and guidance are worth the cost. Four-fifths (83%) of companies who do use a third-party to manage and secure information say this option is “more cost-effective” for their business, while half (51%) of companies who do not use a third-party supplier cite it as being “more costly” than their current process.
- Checking The Box? Almost all merchants (91%) are very or extremely confident that their company adequately trains end-users, relying on conferences and seminars (71%) to keep them trained and engaged. Notably, small (92%) and medium (95%) merchants are significantly more confident than their large (79%) counterparts, where the most common form of end-user engagement comes from training videos (82%).
- Looking for a Leader: A majority of companies (87%) say they would welcome involvement from the U.S. government to fight cybersecurity threats as well as enhance policy (84%). Large merchants (threats-76%, policy-74%) and retail companies (threats-81%, policy-75%) are significantly less likely to want the U.S. government involved.
Click here to download the report.
Methodology
The survey was conducted by Hanover Research and included 300 respondents for small, medium, and large-size enterprises across hospitality, retail, and food & beverage spaces.
About FreedomPay
FreedomPay’s Next Level Commerce™ platform transforms existing payment systems and processes from legacy to leading edge. As the premier choice for many of the largest companies across the globe in retail, hospitality, lodging, gaming, sports and entertainment, foodservice, education, healthcare and financial services, FreedomPay’s technology has been purposely built to deliver rock solid performance in the highly complex environment of global commerce. The company maintains a world-class security environment and was first to earn the coveted validation by the PCI Security Standards Council against Point-to-Point Encryption (P2PE/EMV) standard in North America. FreedomPay’s robust solutions across payments, security, identity, and data analytics are available in-store, online and on-mobile and are supported by rapid API adoption. The award winning FreedomPay Commerce Platform operates on a single, unified technology stack across multiple continents allowing enterprises to deliver an innovative Next Level experience on a global scale. www.freedompay.com
About Cornell Center of Hospitality Research
Cornell’s Center for Hospitality Research (CHR) was created in 1992 for the purpose of expanding both the quality and volume of research supporting the hospitality industry and its related service industries. The CHR’s mission is to advance hospitality thought leadership by publishing and disseminating impactful and actionable research that industry leaders can put into practice today; facilitating the exchange of new ideas by bringing students, faculty, and industry professionals together at roundtables, panels, conferences, and other engaging events; and partnering with the other Centers and Institutes in the Cornell Nolan School of Hotel Administration to maximize research, event, and networking collaborations.
Media Contact
Hill+Knowlton Strategies for FreedomPay