New Retail Risk Report Exposes Cyber Risks Posed by Permanent, Temporary and Contract Employees

SAN FRANCISCO, CA--(Marketwired - November 28, 2016) - In conjunction with Cyber Monday, the largest online shopping day of the year, Bay Dynamics® is unveiling a new report that details cyber risks posed by permanent, temporary and contract employees within retail organizations. The "2016 Pre-Holiday Retail Cyber Risk Report," the second annual retail risk report released by Bay Dynamics, is based on a survey asking IT and security professionals, who manage retail organizations' cyber risk and security programs, about the kind of information to which their permanent, temporary and contract employees are granted access and what they have done with that information. Respondents were also asked about how much visibility they have into employees' actions, how quickly they patch vulnerabilities, when they feel the most pressure to secure their organizations and more.

The survey was conducted by the third-party research company, Osterman Research, in October 2016. It was distributed to 134 IT and security professionals who work for enterprises with at least 2,000 employees and are based in the United States.

Highlights from the "2016 Pre-Holiday Retail Cyber Risk Report" include:

• Cyber security is no longer viewed as a "seasonal" priority: 56 percent of IT and security professionals say they do not feel more pressure during the holidays to secure their organizations, indicating the pressure is year-round. The finding differs with the 2015 "Pre-Holiday Retail Risk Report" which revealed the majority, 66 percent, of respondents said they felt more pressure during the holidays to secure their organizations.
• Employees are being watched more closely: There's a four-fold jump (from seven percent to 30 percent) between 2015 and 2016 in the number of IT and security professionals who say their permanent employees accessed and/or sent sensitive data they should not have accessed and/or sent. There's also a significant decrease (from 14 percent to five percent) in the number of IT and security professionals who say they are not sure if their permanent employees have accessed and/or sent sensitive data they should not have accessed and/or sent.
• Temporary workers do not get their own accounts, but also have limited access: The majority (64 percent) of IT and security professionals say they don't give temporary workers their own accounts, and therefore also don't give them access to sensitive data. For those who say they do (36 percent) give temporary workers their own accounts, they are also doing a better job monitoring those employees. Only 12 percent of respondents say they have little to no visibility into what their temporary workers are doing on the network.
• Access to sensitive, personal information is limited:
  Only six percent of IT and security professionals say their temporary workers have access to personally identifiable information (PII), and only 13 percent say their contractors can access PII. The findings show retailers are limiting access to their most sensitive information.

"When comparing the 2015 retail cyber risk report to today's, the data shows a significant improvement in how retail organizations are prioritizing cyber risk and security," said Ryan Stolte, co-founder and CTO at Bay Dynamics. "They view cyber security as a year-round commitment and therefore are limiting access to sensitive information for those workers who do not have their own accounts. They have more visibility into their employees' actions, especially permanent employees who access highly valued data assets. Cyber security is no longer being put on the back burner and that's a positive shift."

"IT and security professionals in the retail industry are becoming increasingly focused on addressing cyber security and cyber risk issues," noted Michael Osterman, Principal Analyst with Osterman Research. "Most are patching their systems quickly, monitoring employee behavior more closely, and limiting access to sensitive information, but there is definitely still room for improvement."

To download the "2016 Pre-Holiday Retail Cyber Risk Report" go to: http://baydynamics.com/resources/2016-pre-holiday-cyber-risk-report/

To download the 2015 "Pre-Holiday Retail Risk Report" go to: https://baydynamics.com/resources/pre-holiday-retail-risk-report/

About Bay Dynamics
Bay Dynamics® enables enterprises to prioritize security activities and direct their limited resources at their most important problems. The company's flagship product, Risk Fabric®, is a software platform for enterprises requiring timely prioritization and remediation of security exposures impacting their most critical IT systems and data assets. Risk Fabric benefits enterprises with improved timeliness of action by automating the delivery of personalized and prioritized vulnerabilities to line-of-business application owners responsible for remediation. The platform also enables enterprises to reduce costs and regulatory risk, fortify business continuity, and improve decision making by combining security tool data with business context to provide a complete view of risk mapped to valued assets. For more information, please visit www.baydynamics.com.

Follow Bay Dynamics on Twitter at www.twitter.com/BAYDYNAMICS, on LinkedIn at www.linkedin.com/company/bay-dynamics/, and on Facebook at www.facebook.com/bay.dynamics.

Bay Dynamics and Risk Fabric are registered trademarks of Bay Dynamics, Inc. Other trademarks mentioned are the property of their respective owners.