How to Balance E-Commerce Security with Performance

With the year-end holidays looming closer, retailers and e-tailers are strategizing how to increase sales and profits this season—and be ready for Black Friday, the retail equivalent of the Super Bowl. However, there’s a dark reality that online retailers cannot overlook—criminals who want to steal from them and their customers.

Recently, at an Imperva Incapsula-sponsored webinar, “How to Balance E-Commerce Security with Performance,” Product Manager Nabeel Saeed explained how, as cyber security budgets continue to grow, so do cyberattack volume and size.

“Companies are spending a lot more on defenses than they ever have before. Despite that, large-scale data breaches continue to occur,” he said.

The shopping season is a particularly attractive target.

“Certain times of the year are really critical for customers—Black Friday and Cyber Monday, when you’re getting a big percentage of revenue and don’t want any issues at all,” added American Eagle CTO Ryan McElrath.

Here are a few quick facts about e-commerce:

  • US e-tail sales are expected to reach $1.6 trillion by the end of 2015, and up to $2.5 trillion by 2018. (source)
  • Total North American e-tail sales will show an increase of 14.3% from 2014 to this year. (source)
  • By 2019, eMarketer predicts online purchases will more than double, and will increase to 12.4% of total retail sales. (source)
  • There was a 25% year-over-year increase in global e-commerce in 2015. (source)
  • E-tail sales are expected to eclipse $3.5 trillion within the next five years. (source)


Most Security Breaches Caused by Attacks on Web Apps

Several of the largest global companies have suffered security breaches in the past couple of years.

Some of the largest, most notable attacks include:

  • eBay – $145m
  • Target – $70m
  • Home Depot – $56m

Data reveals:

  • 75% of cyberattacks are aimed at web applications
  • The average number of serious vulnerabilities on websites per year is 79 (source)
  • 1 in 5 website vulnerabilities were considered critical and allowed access to sensitive data (source)
  • $5.85m was the average data breach cost in the US alone—up from $5.4m in 2013 (source)

Web applications are being attacked because they’re easily accessible and can provide lucrative entry points into valuable data. This is also one of the most common approaches because most websites have vulnerabilities.

So what is the chance of your site falling victim to a hacker? A Cenzic study recently stated that 96% of web applications have vulnerabilities and 13% of websites can be automatically compromised by them.

“There are simply some faults in the code that anyone can use to expose the vulnerability,” said Saeed.

How DDoS Attacks Impact Site Availability

One of the most popular methods of bringing down a site is a distributed denial of service (DDoS) attack. These are conducted by a botnet—a cluster of hundreds or thousands of infected computers—against a single target, typically a website. Companies falling victim to DDoS attacks in recent years include Meetup, Vimeo, Basecamp, and Bitly—proving that any entity can be a target.

In an e-commerce transaction, legitimate user traffic is routed to your website through an ISP, its purpose being to browse and possibly buy. An assault interrupts the exchange of data and ultimately overwhelms the site with a huge spike in traffic.

The Cost of a DDoS Attack

Data from Incapsula’s DDoS Impact Survey reveals that 45% of organizations are subject to attacks and are more likely to fall victim multiple times. 91% of companies recently attacked experienced at least one other assault in the past 12 months. As for financial impact, the average cost of an attack lasting ~12 hours can run $40,000 per hour.

A Slow Site Means Abandoned Carts

Many companies have put cyber security measures in place to combat DDoS attacks. Some of these changes come at the cost of a site’s speed and availability, however. Why is this important to you?

Research shows:

  • 25% of users abandon a website after waiting three seconds (source)
  • Page bloat: Retailers are launching rich, content-intensive sites that are slow to load. Media loading times for retailers’ sites have slowed 47% over the past two years. (source)

A slow site is expensive. Incapsula has seen that a 1-second delay on your website equals:

  • 11% fewer page views
  • 16% decline in customer satisfaction
  • 7% loss in conversions (source)

For a website grossing $100,000 per day, this can mean $2.5 million in lost annual sales. (source)


For administrators, finding the balance for a secure site that is also fast and responsive can be challenging. To discover if your site is ready for the holiday season, watch our “How to Balance E-Commerce Security with Performance” webinar recording.