
A Study Finds Low to No Cybersecurity Risk Concerns Among Merchants

Electronic payments industry operators seem to be more concerned than merchants are about cybercriminals' unremitting attempts to steal confidential payment data. According to the 2019 ControlScan/MAC SMB Payment Security Survey, which surveyed over 6,500 microbusinesses, 89% feel there's low to no risk of their companies facing a data breach. Of the remaining 11%, 10% felt there was a medium risk, while 1% saw a high risk.


Merchants who've been attacked before showed more concern than their "never-attacked" counterparts. Of the ones who've been compromised previously:

  • 20% felt they were at high risk if they had another data compromise.
  • 36% thought they were at medium risk.
  • 41% thought they were at low risk.
  • 3% felt there was no risk of another attack.

In contrast:

  • 69% of those never attacked before felt they were at low risk.
  • 21% of those never breached before felt there was no risk of another compromise.

According to Chris Bucolo, one of the top executives at ControlScan, though the group of previously attacked businesses is (in general) more concerned about impending risks than their "never been attacked" counterparts, a full 44% still see themselves as being at low-to-no risk.

Overdependence on third-party security firms blamed for low concern levels

Writing to Digital Transaction News in an email, Bucolo said confidence levels are high in breached-before businesses because they undergo thorough forensics and recovery after an attack. Plus, these companies pay third-party security firms to add extra security layers, which makes them confident they are well protected.

Paying for security is a proactive move, but companies should not hand over the entire security role to the third party. Safety and compliance are ongoing processes that can't simply be established and then overlooked.

The staff member assigned the role of data security at small-to-medium-sized firms differs based on how big the firm is. The figures were as follows:

In companies with 10 or fewer staff:

  • 74% assigned the chief executive or founder to take care of data security;
  • 14% designated the task to a manager;
  • 1% to operations or IT personnel;
  • 5% to finance staff;
  • 3% to administrative staff;
  • 2% to employees in other roles.

In firms with over 100 employees:

  • 60% designated the security role to IT or operations personnel;
  • 19% assigned it to a manager;
  • 15% to the founder or chief executive;
  • 6% to finance staff.

Wrapping Up

Microbusinesses often hire third-party risk mitigators to assist with security and PCI compliance. But Bucolo warns that doing so should not leave the entire security task in the service provider's hands; security remains a concern of the business.

But businesses over-rely on, and are confident in, these third-party risk mitigators, and that's why they are less concerned about security. No wonder only 38% of entrepreneurs care to scrutinize the PCI compliance of their security firms.

Author Bio: As the FAM account executive, Michael Hollis has funded millions by using alternative business loan solutions. His experience and extensive knowledge of the industry have made him a finance expert at First American Merchant.