Growing threats posed by online criminals

Every industry faces threats from cyber crime but retailers are particularly at risk due to the growing requirement for an online presence and the large amounts of valuable customer data which is stored.

As shoppers demand 24-hour online access to goods and services, successful retailers can never stand still and are constantly investing in new digital channels, in developing apps for mobile phones and tablets, and other payment technologies. Each of these poses potential cyber security risks.

In its annual Retail Crime Survey 2016, the British Retail Consortium (BRC) asked its members about the threats posed by cyber crime and found hacking and data breaches were costing the industry approximately £36 million each year. While this represented 5% of the total cost of crime a further £100 million (15% of the total) was lost through ‘cyber enabled fraud’ – fraud conducted online.

The report adds: “Alongside the considerable amount of financial and societal harm being inflicted, there is little sign of the threat abating. 91% of respondents reported that the overall number of cyber breaches is increasing (36%) or remaining the same (55%).”

Discussing current cyber threats to the retail industry, PwC cyber security director James Rashleigh, said: “Our retail clients face significant challenges in relation to cyber security. Based on our recent research we found that attacks are up by over 30% so this challenge is not going away.”

He said the main threat comes from criminals who are attempting to steal customer data. This data might include names, addresses, credit card details and more which can be sold via a lucrative underground economy.

Mr Rashleigh added that another big cyber challenge facing retailers is that posed by distributor of denial service (DDoS) attacks which can cripple a business’s website for long periods, causing online selling to be suspended.

Such attacks are often used to mask a criminal’s real intent of installing a virus or malware on a network which might be used to steal data or lock a business out of its data until a ransom is paid. One global survey of companies by information services provider Neustar found 73% of retailers had fallen victim to a DDoS attack and 13% of them had encountered ransomware in conjunction with the incident.

Protecting you and your customers

Frank Woods, retail insurance expert at NFU Mutual, said the growing risk of cyber crime is one which the retail industry must see as a priority.

“More and more small to medium-sized retailers are enthusiastically joining their larger counterparts in the world of online selling," he said. "But in the rush to beat the competition by offering more ways for customers to interact and buy from you it is important that you don’t do anything which could jeopardise their information or your business.”

Frank offers the following guidance for retailers:

  • Ensure you have the right processes and technology in place which are designed not just to prevent cyber attacks but which will also deal effectively with the effects during and after any attack
  • Make cyber security a priority for everyone in the business – this means the board should play an active role in minimising risks and there should be investment in effective training and ongoing awareness programs to keep staff involved in protecting the business. Also, consider the security in place throughout your supply chain to ensure any weak links are addressed
  • Don’t just wait until you become aware that a cyber attack is happening. You should be proactively looking to detect breaches or any weaknesses in your systems, and practicing how you will respond to breaches
  • Have adequate insurance in place. Data breaches can result in fines and reputational damage, while attacks can shut down your business. Your insurer should not only cover the financial losses but should provide expertise in dealing with all aspects of cyber crime.


Further reading

Cyber Essentials - A Government-backed scheme to guide businesses in protecting themselves against cyber threats.

British Retail Consortium cyber security toolkit – the BRC’s practical, step-by-step cyber guide for the retail industry.

NFU Mutual essential cover for business - along with our partner AIG, we can offer a range of products to help protect your business and your employees.