Retail sales may be under threat in the UK as consumer confidence wavers, but the prospects of hitting the shops has never been so appealing. With cyber-criminals, that is. The retail industry is a top target for cyber-attacks, and the hackers are more than keeping pace with digitisation.
Recent research carried out by Retail Week found that 72% of retail executives have witnessed “an exponential rise in the increase in hacking attempts in the past two to three years, with 64% of those witnessing this increase experiencing a breach in their own firm.”
This is worrying in itself. But when you compare those statistics with the views of consumers quizzed as part of the same research, 72% of who would be unlikely to do business again with a retailer who suffered a data breach involving personal data, it’s clear that cyber-security has a material impact on the brand, and ultimately the bottom line.
So why is the industry under siege in this way? Here are the top 5 reasons cyber-attackers have their eyes firmly on our retail brands:
- The guaranteed prize of valuable customer and credit card data which can be sold easily on the dark web if captured
- Easy to predict peaks where a blackmail threat is likely to work (who would want their customer facing website down on Black Friday for example?)
- Complex labyrinth of IT systems and software connecting an ever-increasing number of internet-connected endpoints, NOT designed with holistic security in mind
- High labour turnover across the industry and reliance on contractors combined with often weak policies and processes to govern internal security internally exposes risk
- Lack of focus at board level – spotlight is on market share with security often an after-thought, a ‘tick in the box’ addressed by point solutions
From my experience working with leading retailers, all of the above are exacerbated by a culture of doing just enough to keep up with peers and with legislation. Rarely is there a real willingness to make cybersecurity the strategic advantage that it could – and indeed should – be.
“There is not much collective security in a flock of sheep on the way to the butcher.”
Winston Churchill
As many retailers look to implement a single digital customer journey encompassing online, in store and beyond, which is dependent on customer data, now is the time to break rank and design a security strategy from the inside out. The benefits? There are many, but these are the ones I see as delivering the most strategic value.
- Innovation: Being able to scale technology-based innovation, which let’s face it is happening at a previously unseen pace, with confidence rather than scrabbling to find a way around PCI DSS requirements or, very soon, GDPR.
- Reputation: Knowing that the millions spent building your brand are much less likely to be outstripped by millions spent defending and rebuilding your reputation after a data breach, particularly one you could have easily avoided.
- Business Optimisation: Why retrospectively work out how to plug the gaps and comply with information security regulations when you make a change to your IT? Build in flexible, scalable security and you’ll save time and money on your projects.
So, how can the industry fight back and defend itself against the real and very pressing threat? Download the new Retail Week report “Tackling data breaches in modern retail”, sponsored by Cisco, to learn how retailers can avoid creating the next cyber-hack headline. For a sneak-preview, check out the infographic below:
1 Comments