Verizon: Retailers see significant mobile security threat

Dan Berthiaume
Senior Editor, Technology
Dan Berthiaume profile picture

The new Verizon Mobile Security Index reveals that retailers hold numerous mobile security concerns.

According to the 2020 edition of the Index, 83% of retailers said that mobile devices are critical to the smooth running of their organization. However, 87% said that a mobile security compromise could have a lasting impact on customers’ loyalty to their brand, and 30% admitted to having suffered a compromise involving a mobile device in the past year. This figure is almost unchanged from the percentage of retailers who admitted a mobile compromise in the past year in the 2019 Index.

Despite widespread mobile security concerns, 40% of retailers admitted they had sacrificed security to “get the job done.” Retailers that said they had sacrificed security were 1.5 times more likely to have suffered a breach.

When retailers were asked to cite their biggest mobile security concerns, malware (92%) and phishing (90%) were the two most popular responses, followed by ransomware (85%), device loss (83%), cryptojacking (79%), and rogue apps (76%).

Retailers who expressed these concerns were most likely to say they were not prepared for device loss (23%) and malware (22%), followed by ransomware (20%), cryptojacking (17%), rogue apps (13%), and phishing (12%). Responses indicated that despite near-universal concern over phishing, most retailers feel prepared to combat it.

Almost eight in 10 (77%) of retailers rated the risk of mobile device threats to their business as moderate to significant. While retailers said they were concerned about downtime and delays to their supply chains, more (71%) said that they were worried about the theft of customer data. And an even greater proportion (74%) said they were concerned about staff records being compromised. 

While 88% of retailers said their frontline staff use mobile devices, only 37% said that these employees have a high level of cybersecurity awareness. And only 45% said that they gave staff ongoing training on cybersecurity, even though 78% of retailers said they think their employees are the greatest risk when it comes to mobile devices.  

To investigate the specific risks of mobile Internet of Things (IoT) devices, Verizon interviewed an additional group of retail sector professionals responsible for the procurement, management and security of these devices. Eighty-seven percent of them said their business is at risk from attacks targeting IoT devices, rating the threat moderate to significant. And 47% said they had already suffered a compromise involving an IoT device, over 50% more than said the same about other mobile devices. 

Despite their fears, 33% said they had sacrificed IoT security to “get the job done,” with 80% saying that time pressure was behind the decision. Twenty-seven percent said that IoT device security isn’t a priority for version 1.0 of IoT; it’s something they can “worry about later.

Verizon contracted an independent research company to survey senior professionals responsible for the procurement, management and security of mobile devices. In total, 876 people responded—over 8% of whom were from retail organizations. This includes retail, travel and hospitality companies of all sizes.