Data Governance: retailers’ secret weapon against cyber security threats

Security is a growing concern among retailers, with cyber-attacks, security breaches, and the use of malware all on the rise. But with the right governance practices in place, companies are better positioned to find and fix security issues, stay ahead of new threats, and keep their organisation secure.

By October last year, the number of data breaches publicly reported had already surpassed the total number reported in 2020, indicating an alarming pattern of increased breaches as the world’s use of technology continues to grow exponentially.

And it’s not just businesses who are concerned. Individuals are also feeling the heat – this year, the number of Americans concerned about the personal impact of individual or corporate attacks rose to 90% thanks to the coverage of attacks in the media, such as the Log4j vulnerability.

For retail companies wishing to safeguard their systems, investing in governance along with security could prove invaluable. Devin Lampe, one of dunnhumby’s data consultants, explains how governance can help retailers tackle this growing problem:

1. Data Governance can help identify vulnerabilities

While setting up a governance board and processes, everything within the data estate must be documented and evaluated. This includes shadow IT systems, which not only increase overall IT costs but often create significant risks as security standards are not upheld. This type of documentation will help to ensure due diligence within organisations which is especially critical for growing companies, whose risk exposure increases in tandem with business growth. Ongoing processes such as these should be supported by regularly scheduled audits that will identify any weak spots.

2. Data Governance can expedite fixes and recoveries

In a company where everything is documented, if a risk is identified, the company can easily pinpoint where that issue resides within their organization. Governance also lends itself well to ownership, where every technical component or data solution should have an identified owner. Should something go awry, communication to the correct teams is quick and seamless – and energy can immediately be channelled into fixing the problem.

3. Data Governance can foster accountability and participation

As every successful business owner knows, people are often the greatest vulnerability within a corporation – so encouraging involvement in your governance processes leads to better outcomes.

Data breach costs have surged by 10%, and user-related attacks – namely compromised credentials and phishing – are a leading cause, accounting for 37% of all breaches and $10 million in costs. By targeting the weakest link in your system, governance can help you to avoid threats, implement security best practice, and ultimately keep your company data well-protected.

A key component to governance is setting standards and expectations for your people. The adoption of such practices relies heavily on how ideals such as organisation culture are disseminated and upheld at all levels of a business. Do not underestimate the value of leaders within an organisation demonstrating and communicating proper governance. This emphasis on individual ownership of and adherence to standards can have a huge impact on a company’s overall security risk – as well as its finances.

Staying customer first

dunnhumby ensures retailers stay customer-first by implementing data governance strategies that keep your customer data safe. Unsure whether your data governance practices are industry standard? To help understand where you may stand, answer the following questions:

• How does your company regulate new data assets or movement of data?
• What process is followed to ensure compliance with these standard policies and ensure documentation of assets is updated?
• Describe your company’s data and technical r How well does this roadmap align to the prioritisation and decision-making within the Data and Tech division?
• How often have you seen or heard this document referenced?
• If you have questions around security, what team or contact is responsible for answering them?
• If there are exceptions that need to be made around security procedures, how are these raised and what is the process to resolve them?

dunnhumby’s data consulting team can assess your current strategy and create a new roadmap through our Data Strategy Healthcheck. To learn more, please contact your dunnhumby client representative or contact us.

Devin Lampe, a dunnhumby data consultant, holds an MSIS from the University of Cincinnati and has been with dunnhumby since 2017. Over the years she has worked with a variety of US and Canadian grocery retailers in media, personalisation, and pricing, providing deployment support, bespoke consulting services, and technical management.