2020 Web Application Security for Retail & Ecommerce Report

New study found US retailers have a larger attack surface, while EU retailers run more outdated services

Global online sales went up 71% year-over-year. As ecommerce sales get a massive boost in the wake of the coronavirus pandemic, so has targeted cyberattacks on the application layer. It’s never been more important for the retail sector to prioritize web application security to protect customer data and avoid costly data breach. In this report we analyzed the web application security of the top 20 retailers in the US and EU to ascertain their average attack surface. Through aggregated risk scoring we highlight the most common attack vectors and security shortcomings. Enabling security professionals to take the right steps to level up their cyber hygiene and mitigate the biggest threats affecting online retail applications.

Key report findings:

  • US retailers have a larger attack surface with an average risk exposure score of 35.1 (out of 42.33) vs an average score of 30.8 for EU retailers
  • US retailers run 3,357 web applications over 401 domains, with 8% of them considered as suspect and 22% of them running on old components containing known vulnerabilities
  • EU retailers run 2,799 applications over 509 domains, with 4% considered as suspect and 27% of them running on old components containing known vulnerabilities
  • Security mechanisms (95*); active content (93.3*) and degree of distribution (81.5*) are the top three attack vectors identified across US and EU retailers.
    *average score out of a 100

Download the 2020 Web Application Security Report for retail and ecommerce, to uncover the common pitfalls and learn how to effectively secure your organizations’ internet-facing applications.