• by Ray Schultz , July 20, 2017

Almost half of all U.S. retailers protect their email messages with encryption. But that is no guarantee that they will be safe.

According to a new cyber security study by Thales and 451 Research, emails are part of the “data-at-rest,” protection category, which is “near the bottom in terms of effectiveness.”

Thales surveyed 1,100 senior security executives across the globe. The respondents are employed in retailing, the federal government, finance and healthcare.

Of those working for U.S. retailers, 19% reported suffering a data breach in the last year, down from 22% the year before and lower than the 26% global average. Only 19% feel very or extremely vulnerable to attack.

But a “staggering 43% of global retail respondents reported a breach in the past year,” Thales says. And they were joined in this by 34% of the federal government security executives. In addition, 39% of global retailers feel very or extremely vulnerable.

Overall, 60% of global retail firms have a breach at some point, compared with 52% of U.S. retailers. Some of these attacks may be due to careless practices.

Of the global retailers polled, 80% deploy advanced marketing technologies before they have adequate security in place, compared with 53% of their U.S. counterparts. And global firms are more likely to store data in advanced technologies.

In addition, U.S. retailers are more likely than global firms to use encryption as a security device “in these nascent advanced environments,” Thales notes. Less than 40% of the global retailers encrypt email messages.

Of the “data-at-rest” channels protected by encryption in the U.S., email messages are third, behind PCs (desktops)  and mobile devices, including smartphones and tablets. The global listing is similar.

Next after email messages are FDE for sensitive services, file system and volume encryption for sensitive servers, specific file and fields in databases, big data environments public cloud environments and containers.

For perceived effectiveness, data-at-rest defenses are beaten by network defenses and data-in-motion defenses.

Meanwhile, 77% of U.S. retailers have penciled in budget increases for security this year, up from 61% in the last survey. And 76% of the global respondents are increasing their spend.

Globally, the main reason for spending on security is compliance. But the need to observe best practices is the top driver for U.S.  retailers, cited by 47%, up from 40% last year.  Next in the U.S. is increased use of cloud resources — it was specified by 46%.

The main barriers to effective security?

For U.S. retailers, they are complexity, concerns about impacts on performance, low priority, lack of staff, lack of budget, and lack of perceived need.

Global retailers are more likely to be stalled by lack of budget, complexity and low priority.

The countries covered in the survey include the U.S., UK, Germany, Japan, Australia, Brazil and Mexico.