Cyber attacks are on the rise.
Prime targets are businesses that A) contain sensitive payment data that can be resold on the dark web, and B) are unsophisticated and thus relatively easier to penetrate.
So there’s basically no better poster child for cyber risk than brick and mortar retailers.
Collectively, retailer breaches have cost billions of dollars over the past few years. Cyber analysts believe that the majority of these breaches occurred due to flaws in payment systems – and it’s not as if payment companies are immune to breaches themselves. Some firms have even estimated that as high as 90% of all login attempts on a retailer’s site are made by hackers, not shoppers. Over only the past two years, the major retailer breaches you’ve likely heard something about include:
- Adidas: several million compromised users
- Arby’s: 355,000 compromised cards
- Best Buy
- Darden/Cheddar’s: 567,000 compromised cards
- Forever 21
- Gamestop
- Lord & Taylor
- Macy’s
- Marriott
- Panera
- Saks Fifth Avenue
- Sears/Kmart: 100,000 compromised cards
- Sonic: 5 million compromised cards
- Under Armor: several million compromised users
- Whole Foods
Despite the name recognition of the retailers above, would it surprise you to learn that nearly half of all cybercrime is targeted at SMBs (small-to-midsized businesses)? That’s up from 34% in 2014. But 80% of SMBs have no plan to deal with cybercrime despite the fact that 63% have already fallen victim to a cyberattack. Given that a data breach bankrupts 60% of businesses, could this be a reason why SMB churn is so high?
We are data junkies. We believe data, when intelligently applied, holds all sorts of promises. Which is why we’re keen to point out that cyber crime can be significantly reduced – even for the unsophisticated retailer – with the application of artificial intelligence (AI).
Meet Zeguro. Zeguro helps organizations set up security procedures – think policies, checklists, employee training and device management – and identifies areas of weakness. Monitoring adherence to protocols, Zeguro can preemptively find vulnerabilities and help organizations reinforce them before it’s too late. Even more impressively Zeguro takes a page from the earlier model of Zenefits and uses the data it collects about a business’s cyber security procedures to broker the best cyber security insurance policy.
“By monitoring data we’re able to drive down risk and provide better insurance at a lower cost.” explains Sidd Gavirneni, Zeguro’s Co-founder and CEO. “Why should companies overpay for cyber security insurance if they don’t have the level of risk that the policy was underwritten for?”
In this manner Zeguro is participating in the great unbundling we see in software and innovation, where niche players are able to outcompete large incumbents by providing a laser focus on one area and offering a 10x better mousetrap. To quote from the TechCrunch article:
Unbundling is reshaping the tech world too, dismantling monolithic structures into smaller, more agile and innovative units. At a macro level, we’re in the early stages of a great unbundling taking place within technology companies. eBay and PayPal have amicably parted ways. Dell went private to be more nimble and aggressive, while Symantec split into two public companies.
In turn, this large-scale decoupling influences unbundling at much more granular levels in the enterprise, a trend that is proving critical in addressing the problems caused by the aging codebases and clunky software architecture. The difficulty maintaining legacy technology means that companies have accumulated vast amounts of technical debt, making it harder for talented developers to do their jobs, and stifling innovation as a result.
For massive enterprises, unbundling represents a key countermeasure against inertia and stagnation, as well as a valuable strategy to battle more agile competitors — innovative startups who aren’t bogged down by the same legacy technical debt and the engineering bureaucracy that comes with it.
Gavirneni uses the telecommunications analogy to explain how businesses are benefiting from Zeguro. “You’ve undoubtedly seen TV commercials for new phone service providers like Boost or Virgin Mobile. These companies didn’t create new infrastructure and build new networks: they’re consuming the excess capacity the large telecom carriers already have. The large carriers couldn’t come up with a game plan for their excess capacity so a company like Boost comes along and buys the capacity knowing it can offer a better service to some section of the market.”
Zeguro acts as a MGA – managing general agency – partnering with large insurance carriers that have excess capacity in their underwriting and claims processing to bring the same quality of insurance to customers at a rate tied to their observed risk. Zeguro does this successfully through the power of data and it means customers get higher quality insurance products at lower costs. “Using data, we can provide cyber policies at cheaper rates because we measure and mitigate the underlying risk..” Gavirneni says his customers see their cyber insurance premiums drop by an average of 20%.
Zeguro is also building the ability for enterprises to secure their third-party vendor ecosystem. Large and small retailers depend on a lot of technology partnerships today for everything from payments to marketing technology to inventory management. With customer and supplier data fundamental to how these systems work, knowing which vendors are taking the appropriate actions is important. Knowing they can survive a cyber attack is key as well.
Another item on their horizon is working through resellers. As a small business, some of your source of productivity and business operations for digital efforts come from site hosters, productivity app providers and other SaaS solutions. Expect Zeguro to start showing up on the pick list for products that you should have in your business continuity plans. If you are a supplier to small businesses and think this is something your customers need, give Zeguro a call at 855-980-0660 to initiate a partner discussion.
The brick and mortar ecosystem could use more data applied this way – even if for no other reason than they’re highly targeted by cyber criminals.
