Growing cyber crime threats pose a constant danger to retailers' security

Every industry faces threats from cyber crime but retailers are particularly at risk due to the growing requirement for an online presence and the large amounts of valuable customer data which is stored.

As shoppers demand 24-hour online access to goods and services, successful retailers must invest in their digital channels, in developing apps for mobile phones and tablets, and in new payment technologies. Each of these pose potential cyber security risks.

In its annual Retail Crime Survey 2017, the British Retail Consortium found nearly half of respondents saw an increase in the number of cyber attacks in the last year.

The report said phishing, theft of data, and Distributed Denial of Service (DDoS) attacks are the most significant cyber crime types. It also found retailers spent 400% more on average on cyber crime prevention than the previous year.

PwC cyber security director James Rashleigh, said: “Our retail clients face significant challenges in relation to cyber security. Based on our recent research we found that attacks are up by over 30% so this challenge is not going away.”

He said the main threat comes from criminals who are attempting to steal customer data. This data might include names, addresses, credit card details and more which can be sold via a lucrative underground economy.

Mr Rashleigh added that another big cyber challenge facing retailers is that posed by DDoS attacks which can cripple a business’s website for long periods, causing online selling to be suspended.

Such attacks are often used to mask a criminal’s real intent of installing a virus or malware on a network which might be used to steal data or lock a business out of its data until a ransom is paid.

One global survey of companies by information services provider Neustar found 77% of retailers had fallen victim to a DDoS attack and 21% of them had encountered ransomware in conjunction with the incident.

Protecting you and your customers

Frank Woods, retail insurance expert at NFU Mutual, said the growing risk of cyber crime is one which the retail industry must see as a priority.

“More and more small to medium-sized retailers are enthusiastically joining their larger counterparts in the world of online selling," he said. "But in the rush to beat the competition by offering more ways for customers to interact and buy from you it’s important that you don’t do anything which could jeopardise their information or your business.”

Frank offers the following guidance for retailers:

  • Ensure you have the right processes and technology in place which are designed to not only prevent cyber attacks but also to deal with the effects during and after any attack
  • Make cyber security a priority for everyone in the business — this means the board should play an active role in minimising risks and there should be investment in effective training and ongoing awareness programs to keep staff involved in protecting the business
  • Consider the cyber security in place throughout your supply chain to ensure any weak links are addressed
  • Don’t just wait until you become aware that a cyber attack is happening. You should be proactively looking to detect breaches or any weaknesses in your systems, and practising how you will respond to breaches
  • Make sure you have adequate insurance in place. Data breaches can result in fines and reputational damage, while attacks can shut down your business
  • Your insurer should not only cover the financial losses but should provide expertise in dealing with all aspects of cyber crime.

Further reading

Cyber Essentials — A Government-backed scheme to guide businesses in protecting themselves against cyber threats.

British Retail Consortium’s cyber security toolkit — the BRC’s practical, step-by-step cyber guide for the retail industry.

NFU Mutual essential cover for business — along with our partner AIG, we can offer a range of products to help protect your business and your employees.