There was once a time when retail loss prevention was mainly concerned with shoplifters and cashiers pocketing a little change from their till. Nowadays, however, the stakes are much higher. Cybercriminals are constantly on the prowl, seeking out their next victim. They’re not after your inventory or even your cash: they want your data. This can cost retailers immeasurably in terms of fines and damages to their reputation.

Consumers are willing to pay more for personalized experiences, and that means that retailers need to know more about their customers than ever before. All of that data is precious and an attractive commodity for hackers who can use it for malicious intentions. If protecting your retail data assets isn’t on your radar, it needs to be. Here are 20 facts about retail data security you need to know today:

Data breaches are on the rise

The number of retailers reporting data breaches has doubled in the past year. (ComputerWeekly)

More than four out of ten retailers have experienced a data breach in the past year, and one-third of retailers have experienced more than one incident. (ComputerWeekly)

16% of retailers experience one cyberattack or attempted attack every single day. (FierceRetail)

The focus on customer experience is making retailers more vulnerable

“Data collected through online shopping, loyalty programs, and digital marketing is making even relatively small retailers a target for cybercriminals.” (ComputerWeekly)

More than 80% of retailers consider themselves vulnerable to data threats, and 37% say they are “very” or “extremely” vulnerable. (Thales)

Retailers are taking action

Nearly three-quarters of retailers expect to increase their spending on IT security. (ComputerWeekly)

By the end of this year, 93% of retailers expect to have adopted point-to-point encryption (P2PE), which protects card data while it’s being transmitted. 61% of retailers will also have adopted tokenization, which protects information while it’s being stored in a database. (NRF)

Spending on enterprise security is expected to reach $100.3 billion worldwide by 2019. (The Statesman)

Consumers want security… and convenience

Chip-and-PIN is preferred over chip-and-signature by both retailers and consumers alike: 49% of small retailers say their businesses would be more secure with a chip-and-PIN, and 62% of consumers said they prefer PIN cards. (NRF)

Employees are often (unintentionally) an entry point for attackers

Phishing emails and other tactics targeting insiders are still a major source of vulnerability. Employee negligence incidents average more than $2 million in annual damages. (BetaNews)

In more than 82% of total security incidents, stolen credentials were at the root cause of the breach. (Convenience and Impulse Retailing)

The cost to retailers can be crippling

The average global cost of a data breach is as high as $3.62 million. (The Statesman)

The relative cost of fraud is rising. Every dollar lost to fraud now costs merchants $2.40, 17 cents more than it did last year. (LexisNexis)

60% of small to medium-sized retailers are at risk of going out of business within six months of a data breach. (RetailTouchPoints)

One-third of US small businesses (SMBs) that suffer a data breach need up to three years to recover. (BetaNews)

Protecting your business doesn’t have to be difficult

More than 90% of POS card readers rely on their default PIN for security, making them very easy to hack and compromise security. This isn’t hard: change your default pin! (RSA)

Be wary of account takeovers

Account takeover cybercrime is on the rise because of recent data breaches like the massive one at Equifax, which exposed the personal data from over 140 million Americans. Criminals can use this information to gain access to and compromise customer profiles, their loyalty information, and even their credit card data. (New York Post)

It takes retail far too long to detect intrusions

In the retail sector, it takes IT and IT security teams an average of 197 days to detect malicious network activity. That’s more than double the average detection time of other industries. (Information Security Buzz)

E-commerce sites are a common point of weakness

Cyber extortion, in which companies must pay a ransom or risk a crippling distributed denial-of-service (DDoS) attack, is on the rise for retailers. (ChainStoreAge)

86% of websites and online applications have at least one security vulnerability. (ChainStoreAge)