Determined to fight back, retailers are taking a first step to protect sensitive customer information by adopting point-to-point (P2P) encryption and tokenization. More than half (53%) of retailers believe these processes effectively de-identify credit card data throughout the payment process.

Nearly half (45%) of retailers still lack full confidence in cloud security, and 14% still trust the cloud only with non-sensitive, less-coveted information. Only 24% of retailers are confident about adopting cloud-based technologies and moving full speed ahead.

P2P encryption is a top priority, with 53% of retailers saying they are up to date and another 30% upgrading now. E-commerce is another heavy investment area, where 53% say their technology is up to date and another 33% are working on improvements now.

While the EMV mandate’s October 2015 deadline is a distant memory, only a meager 29% of retailers say it is fully implemented. The good news is that another 55% plan to be compliant within 12 months, and among these companies, 19% plan to improve EMV compliance with tokenization and P2P encryption.

More than one-third (32%) of retailers say they increased spending on security between 2% and 5% compared with last year. Another 10% increased their security budgets between 5% and 10%.

7/19/16

By Joe Skorupa

In today’s treacherous cybersecurity environment retailers are continually upgrading their security solutions, but since this is the retail industry they face unique obstacles. Like it or not, a large chunk of the security budget must be focused on the Europay, MasterCard, Visa (EMV) mandate and Payment Card Industry Data Security Standard (PCI DSS) compliance. Without these requirements retailers might have chosen to invest more heavily in such critical areas as perimeter and mobile network protection, but due to budget limitations security priorities are dangerously misaligned.

No doubt, today’s high-stakes security challenges can seem too large, too broad and too numerous for even the most well-funded IT departments. But, according to the recent RIS Custom Research study, “Business-Driven Security,” the problem is exacerbated by standards and technologies that are required by external agencies under threat of fines and exposure to lawsuits.

Left alone, retailers might have chosen to invest more heavily in two of the lowest ranked areas of expertise in today’s retail organization: just 13% of retailers say they are at an advanced level in mobile application security and just 16% say they are advanced in perimeter protection.

The reasons retailers haven’t chosen to focus on these areas are, of course, PCI and EMV, which have produced the result sought by external agencies: 40% of retailers say they are at an advanced level of expertise for PCI compliance and 35% for EMV. Both of these numbers are up from levels recorded last year in a similar RIS Custom Research report (“Security First Strategies”). At that time an advanced level of PCI was claimed by 35%, and advanced EMV claimed by 23%.

The hacker’s chief weapon is continuous iteration, evidence of which we can clearly see by looking at the top three areas cited by retailers as posing the greatest security risk.

Last year, the top three areas of greatest security risk were: hackers using unauthorized credentials (chosen by 51%), internal misuse (51%), and partner/third-party risk (43%).

None of these areas appear on this year’s top-three list, which now includes malware (58%), point-of-sale (POS) intrusions (55%), and credit card skimming (52%).

As retailers grow increasingly digital to keep pace in the omnichannel race, they become even more susceptible to cyber-thieves. While cyber-criminals’ favorite entry points last year were POS software and in-store Wi-Fi (51% each) followed by the World Wide Web (49%), this year’s list includes some changes. POS software still tops the list (74%); however, retailers have become increasingly concerned with POS hardware (45%) and in-store Wi-Fi networks (42%).

Additional findings in the study include:

While retailers are allocating more technology budgets to their security strategies, a significant portion of funds remains focused on supporting the EMV mandate and PCI DSS compliance. These investments are necessary in the battle against hackers, but they are not a complete solution.

The answer is to adopt a strategy of continuous investment and improvement aligned with a clear roadmap that ensures all security components work together seamlessly. This is one area where you don’t want to leave gaps.