Three-quarters of British retailers have not implemented basic encryption to safeguard business and customer data, according to security vendor Sophos.
In spite of this, almost 90% are confident that they have adequate security in place, showing a schism between perceptions and practice in the industry regarding cybersecurity levels.
James Lyne, global head of research at Sophos, said: "We’re now in the midst of the busiest time of the year for the retailers, so shops must ensure they have appropriate measures in place to prevent cyber crime."
"As recent data breaches show, it is critical that retailers protect customer data both from exposure in the public domain and from being quietly used in the background."
77% of retailers are mostly reliant on firewalls to protect their business, with a third primarily using antivirus software of the sort that security firm Symantec said earlier this year would stop less than half of threats.
Two-thirds even admitted they had no network protection beyond a firewall, and a mere 2% said they had a comprehensive system in place, capable of detecting and resolving more advanced attacks.
"For an industry responsible for holding and safeguarding so much sensitive customer data, it’s worrying to see the level of overconfidence and lack of awareness surrounding cyber security," Lyne added.
"What amazes me is how often the breaches are the result of incredibly simple failures of policy, training or technology and not the result of cybercriminals being particularly clever."