Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

A new report from Cornell University and FreedomPay found that stakeholders were almost universally satisfied with internal risk assessment processes (96%) and cybersecurity systems (95%), despite the reality that one in three (31%) has experienced a data breach in the past. Among companies that had suffered a breach, most (89%) had experienced multiple breaches in a single year.

Consumer-facing businesses, like retailers, restaurants, and hospitality brands, have a major gap between their leaders’ confidence in their cybersecurity postures and the realities at hand. As businesses contend with growing and more frequent threats, prevention and remediation efforts are spurring complexity. Three-quarters (74%) of companies report they use multiple cybersecurity systems, most (56%) have multiple systems spread across multiple locations, and half (49%) say these systems are governed by multiple departments.

Small merchants (57%) were significantly more likely to report governance falls under a single department, while large merchants (63%) are more likely to have multiple departments involved.

Risk perceptions misaligned with reality. 89% of companies that have been breached have been hit more than once in a year. 69% of retail businesses have been breached upwards of three times a year. While nearly all (96%) surveyed retail, restaurant and hospitality stakeholders are confident in their companies' internal risk assessment processes. Their satisfaction (95%) in the security of their systems is misaligned with reality, as one-third of companies (31%) have experienced a data breach in their company's history.

Most companies have a cybersecurity system in place for cloud security (80%), as well as network (75%), customer data (75%), and payment (74%) security. The proliferation of systems and matrixed reporting are reflective of executives’ attitudes, with many (87%) seeking leadership in the form of government intervention in the fight against cybersecurity threats.

Cornell University and FreedomPay queried 300 retail, food/beverage, and hospitality respondents identified as primary and shared decision-makers for cybersecurity product purchasing at their respective companies. All respondents came from companies with 50 or more employees and an annual revenue of $1 million or greater, including 115 respondents from companies with revenues of $250-999 million and 38 from companies with revenues of or above $1 million.

Read the full report by Cornell University and FreedomPay.


VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member