CompTIA advises retailers to check their cybersecurity preparedness ahead of the holiday shopping season

DOWNERS GROVE, Ill. (Nov. 16, 2023) — Retail businesses should make time in the coming days to assess their cybersecurity readiness ahead of the annual crush of Black Friday and Cyber Monday shoppers, according to CompTIA, the leading nonprofit association for the technology industry and workforce.

“Proactive steps taken ahead of time to protect your assets is considerably easier than dealing with the aftermath of a security breach,” said Randy Gross, CompTIA’s chief information security officer.

By one estimate, online spending in the U.S. is projected to surpass $37 billion over Thanksgiving, Black Friday and Cyber Monday, and nearly $222 billion for the entire holiday season.[1] That volume of digital transactions requires heightened adherence to best cybersecurity practices. In the short term,

Install all the latest security patches and software updates. Companies make these updates available when they discover bugs or security holes to close, so it’s a good practice to install them as soon as they are available.

Take an inventory of your business’s networks. The widespread use of digital devices makes it easy to lose track of everything that’s connected to a network. If you find something that shouldn’t be there, block it or remove it from the network.

Have a plan in place detailing responses and roles should a data breach or other disruptive event occur. This applies to businesses that have in-house IT teams and those that rely on a technology partner.

Longer term, training all employees in the basics of cybersecurity is an essential preventative measure. Human error is the most frequent cause of a data breach, making anyone in your company who works with a digital device or data a potential point of vulnerability. For the IT staff, professional certifications are a proven difference-maker.

Retailers are active in hiring cybersecurity professionals, listing 16,333 job postings for cybersecurity-related positions from September 2022 through August 2023.[2] Many other retail businesses, especially small and mid-sized establishments, rely on the expertise of managed service providers and managed security services providers for their cybersecurity needs.

While the odds of being a target of a cyberattack may be variable, the aftershocks of a data breach are certain. Two-thirds of companies that recognized the occurrence of a cybersecurity incident in the past year said the incident had a severe or moderate impact on the organization, according to CompTIA’s “State of Cybersecurity 2024” report. The cost of mitigating a cyber incident, normalized across company size, is $1 million.

“That may be a negligible impact for a large company, but for a small business, it could be fatal,” Gross said.

About CompTIA

The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Each year CompTIA, directly and through its global network of partners, provides millions of people with training, education and certification. To learn more visit