Skip to Content

Innovation in retail: Using cybersecurity as a competitive advantage


Security is about protecting data, goods, and persons against loss and damage. Cybersecurity is that part of security that has to do with IT. Cyber is also a business driver and can be a source of competitive advantage in the retail sector.

What is cybersecurity?

First of all, it is necessary to take sufficient internal measures to prevent computer failure as much as possible. In any case, minimum security measures include provisions against fire and burglary, access control (physical and software), backup procedures, external storage of backups, no-break and emergency power supplies, and lightning protection. Protection of goods and people is not covered by cybersecurity. Nevertheless, the overlap is increasing – for example, vehicle security and internet monitoring, RFID-chips on loads, etc. Understanding what you are doing with personal data is an important first step. The second step is to see if the data is necessary, and if it is well protected, etc. It is not an easy thing to do.

Business relevancy

Cybersecurity is often seen in terms of the cost of mitigation – or the ramifications of a breach – it is also a business driver and can be a source of competitive advantage in the retail sector. Capgemini did a global survey of over 6,000 consumers and 200 retail executives as well as interviews with experienced cybersecurity executives. Our research reveals that customer satisfaction and spending can be drastically improved by cybersecurity and data privacy assurance. Yet, very few retailers are leveraging this opportunity to gain competitive advantage.

The key findings of the survey reveal:

  • Cybersecurity is the third-most important factor when consumers select retailers, even outranking attributes such as discounts and brand reputation.
  • The share of satisfied customers improves by 2.5x if consumers know their primary retailer had implemented the cybersecurity and data privacy capabilities.
  • Approximately 40% of consumers would be willing to increase their online spend by 20% or more if their primary retailer gave them certain assurances to build their trust.
  • Enhanced cybersecurity and data protection could drive a revenue uplift of around 5%.


The data protection landscape is rapidly changing. As organizations harness the power offered by digital and personal data, increasingly smart cybercriminals become more and more intent on stealing or compromising that data. Compliance with the EU’s GDPR (General Data Protection Regulation) from May 2018 is thus a regulatory requirement, a risk management issue, and a strategic business imperative. GDPR encompasses data management and security, including new concepts – transparency and accountability – and a key requirement to notify data breaches. It is not just a regulatory requirement. It’s an opportunity to build trust and confidence with your customers and employees. Get it wrong, and you’ll risk financial penalties and people turning away. Get it right, and you’ll race ahead of the pack.

Privacy and protection

As data proliferates across the digital enterprise, confidential and personal data is at risk from cyber criminals, states, and competitors. So, the best strategy is to be prepared and to comply with new regulations, including the EU General Data Protection Regulation, to protect yourself from the financial and reputational damage of data loss or data leaks. The threat of a data leak to operational continuity, brand value, and customer trust cannot be totally eradicated in this digital landscape; it can only be mitigated if handled correctly. It is a strategic and enterprise-wide task involving key businesses and stakeholders, including IT, security, HR, and legal. Data protection efforts should be consistent with your digital transformation and cybersecurity strategies, and focus on both personal and critical data assets. You can secure the sharing of identity information between new consumer-facing applications, control internal risks, and protect your enterprise against cyber-attacks. This means that the right people get access to the right resources at the right time.


Learn from each other

Almost every organization will experience a data security breach this year. It’s how they respond that makes all the difference. It takes an average of 99 days  (Mandiant (a FireEye company), M-Trends 2017 report) for a malicious attack to be identified. In the meantime, data privacy and protection have become core to today’s security strategies; data fuels business success. It is clear that a new generation of cybersecurity is needed. Even if you are well protected, with the right tools and the right processes in place, you still leave yourself open to attacks if you are not monitoring systems, detecting potential security incidents, and able to make changes to your operations quickly when a threat is detected. This new generation is about cooperation and knowledge sharing. Others do not need access to your data, security and systems. It is about the type of attacks and breaches that happened, and how they are stopped, mitigated or misinterpreted by your company. Others can think with you, help you or learn from your experience. Together you are stronger, learn faster, and share the pain when faced with challenging times. To create such an environment where this behavior can occur intrinsically, Capgemini set up the security operations centers (SOCs) – a network of global SOCs where collaboration, sharing expertise and best practices, and communication of success stories are key in the relentless pursuit of robust cybersecurity.

Security operations centers

Our network of global security operations centers (SOCs) stretches across the world, with SOCs in India, Europe, and North America complemented by satellite SOCs. As said before, they collaborate, share expertise and best practices, and communicate success stories in their relentless pursuit of robust cybersecurity. There is no one-size-fits-all approach to cybersecurity. Every enterprise has its own unique security requirements based on the market and market segment they operate in. The first step is to understand and quantify your risk profiles, then identify critical data assets, and lastly, assess your current security strategies and levels of protection. We tailor the end-to-end services delivered through our proven security operations center (SOC) model to each client’s specific context and business ambitions.

Feel free to reach out to us for more information, training or to arrange a workshop about cybersecurity and our security operations centers.


This blog is part of the “Innovation in Retail” series.
Check the others here: