After the pandemic upended the retail and hospitality industries, digital transformation became imperative to survival – the key to meeting ever-changing customer expectations and overcoming supply chain complexities. As the landscape continues to shift, 55 percent of retailers say they’re open to improving their innovation capabilities, while 51 percent want to adopt new business models. But as retail and hospitality companies deepen their digital capabilities, cyberattackers are looking for ways to exploit vulnerabilities in eCommerce systems, digital payment platforms, and other software systems.
Our latest State of Software Security (SOSS) Volume 12 found that 73% of all applications in the retail and hospitality sector have a security vulnerability. This is especially concerning as we enter the busy holiday season, a time of historically elevated threat levels.
Yet there is some cause for cheer: Our SOSS findings revealed that when compared to other industries, retail and hospitality have the second-best fix rate. This sector also boasts industry-leading fix times for flaws discovered by dynamic analysis (DAST), and lands in the middle for static (SAST) scans.
Flaws in third-party libraries found through software composition analysis (SCA) scans stick around longer for all industries, with 30 percent of vulnerable libraries remaining unresolved after two years. For the retail and hospitality sector, that statistic rises slightly to 35 percent, lagging the cross-industry average by more than six months. But be assured that the gap is not so wide that it cannot be closed.
Prevalent vulnerabilities that retail and hospitality organizations should keep an eye on include server configuration, insecure dependencies, and authentication issues – quite similar to those found in other industries. However, percentages of these flaws are higher for nearly every category, which may be due to greater functional complexity of customer-facing and back-office applications.
Today, maintaining customer loyalty is priority No. 1 for most retailers, and it’s easy to see why: It costs five times more to acquire a new customer than to keep an existing one. Our findings indicate that as retailers work to reduce risk and strengthen customer loyalty this holiday season and beyond, they would benefit from efforts to address software flaws in a more comprehensive manner.
To learn more, including historical data trends about retail and hospitality’s software security practices over time, read the State of Software Security Report: Retail and Hospitality.