Interview with Georgina Macenzi: Why the USA Leads Retail Cybersecurity
Interview by Jim Taylor, Edited by Riad Beladi
Jim Taylor (JT): Georgina, you have extensive experience working with Carrefour and Auchan. From your perspective, how does the cybersecurity readiness of US supermarkets compare to that of European retailers, especially in the UK?
Georgina Macenzi (GM): Without doubt, the US is ahead in cybersecurity when it comes to retail. American supermarkets like Walmart have made enormous investments in building sophisticated defence systems. The scale and complexity of their cybersecurity infrastructure are far greater than what we typically see in Europe, where many retailers are still playing catch-up.
JT: What makes Walmart stand out as a leader in this field?
GM: Walmart’s approach is comprehensive—they use AI-driven threat detection, real-time monitoring, and a Zero Trust security model. This means no one, not even internal employees, can move freely across their network without strict verification. Plus, their dedicated Cyber Fusion Centre centralises all security operations. The investment is huge, but it’s necessary when you consider the volume of customer data they handle daily.
JT: Customer data protection has become a central concern for supermarkets. How are US retailers managing this aspect?
GM: Protecting customer data, especially payment information, is paramount. US retailers have adopted tokenisation and encryption techniques so actual card details are never stored or transmitted in an unprotected form. Multi-factor authentication and behavioural analytics further prevent fraud. It’s about creating multiple layers of defence to protect not just the company, but the consumer as well.
JT: How do European supermarkets, and specifically those in the UK, measure up in protecting sensitive customer data?
GM: UK supermarkets are making progress—Tesco and Sainsbury’s have started implementing multi-factor authentication and better encryption—but the overall cybersecurity culture is still developing. There’s often a reliance on external vendors rather than building strong in-house teams, which can limit response times and adaptability. The regulatory focus on GDPR compliance helps, but it’s mostly about data handling, not the proactive threat detection we see in the US.
JT: What lessons should UK and European retailers take from the US experience?
GM: Investment in people and technology is key. Cybersecurity needs to be embedded in every layer of the business, not just IT. Retailers must establish internal security centres, join threat intelligence sharing coalitions, and adopt AI-powered detection tools. It’s also essential to have clear response strategies ready to neutralise threats immediately.
JT: Looking ahead, what do you see as the biggest challenges and opportunities for retail cybersecurity globally?
GM: The threat landscape is constantly evolving—ransomware, phishing, supply chain attacks are all increasing. Retailers must stay agile and innovative in their defences. On the opportunity side, new technologies like AI and blockchain offer promising tools for secure transactions and supply chain transparency. Ultimately, those who prioritise cybersecurity will build stronger customer trust and a competitive advantage in the digital economy.