US retailers are facing increased pressure to spend more on cyber security, as the reliability of their online service remains at stake following a number of cyber attacks including one at the third largest retailer, Target Corp.
Spending by US retailers in 2014 for security is expected to be $720.3m (£441.7m, €532.9m), an increase of 5.7% from last year, Reuters reported citing technology advisory firm IDC Retail Insights. Total technology-related spending by retailers this year is expected to hit $36.34bn.
Retail spending on overall technology was expected to rise 4% annually between 2012 and 2017, but US stores spend roughly 2% of their technology budgets on security, according to IDC Retail Insights.
While they are very enthusiastic in spending millions of dollars to boost their online presence, the merchants have not spent enough to protect customer data, security experts and IT service providers told the news agency.
Most retailers are just meeting the basic standards set by the payment card industry, and are vulnerable to sophisticated cyber attacks, according to experts.
"Retailers have to assume that they are constantly being targeted and actually constantly being penetrated," Eddie Schwartz, a vice president at Verizon Enterprise Solutions, told Reuters.
The retailers are facing pressure to spend more on cybersecurity due to pressure from Congress, consumer groups and the banking industry after the data breach at Target and Neiman Marcus.
There were also reports that at least three other well-known US retailers suffered from cyber attacks, conducted using similar techniques as the one on Target.
The FBI issued a confidential report earlier to retailers detailing risks of a malware that affects point-of-sale systems such as electronic cash registers and card-swiping machines, Reuters reported.
Target Data Breach
Target discovered a major security breach in December 2013. Payment data from about 40 million credit and debit cards were stolen from Christmas shoppers at its stores over 19 days between 27 November and 15 December.
It has since been revealed that a further 70 million customer records with sensitive information such as names, telephone numbers and email addresses were also stolen.
Target has confirmed that cybercriminals used malware installed on Target's point-of-sale (PoS) cash register systems to siphon off the data.
Retailer Neiman Marcus has also disclosed that it suffered a similar cyber attack, but did not reveal the number of customers affected.
Both companies have said federal authorities are investigating the data breach.
Following the attack, Target said it was spending millions of dollars on cybersecurity, including the upgrading of its payment card network to the more secure "chip and PIN" standard by early 2015.
US retailers are facing an October 2015 deadline set by payment networks Visa Inc. and MasterCard Inc. to accept the chip-based payment card system, which is widely used in Europe and Asia. In the new system, payment cards will have tiny microprocessors instead of magnetic strips to store information, making it harder for hackers to use stolen data.