Cyber risks for retailers

this article was originally posted on the NFU Mutual website

Growing cyber crime threats pose a constant danger to retailers’ security.

Every industry faces threats from cyber crime but retailers could be particularly at risk due to the growing requirement for an online presence and the large amounts of valuable customer data which is stored.

As shoppers demand 24-hour online access to goods and services, successful retailers must invest in their digital channels, in developing apps for mobile phones and tablets, and in new payment technologies. Each of these poses potential cyber security risks.

According to the 2018 UK Government Cyber Security Breaches Survey, just under half of all UK businesses identified at least one cyber security breach or attack in the previous 12 months. However, the survey shows that only 27% of UK firms have insurance to cover a cyber security breach or attack.

The introduction of the General Data Protection Regulation (GDPR) in May 2018 means that businesses now have an increased responsibility to improve the security of personal data which they store or process.

Data breaches have to be notified to the Information Commissioner’s Office (ICO) within 72 hours and if businesses fail to comply with the regulation then large penalties – up to 4% of turnover – could follow.

Our 2018 cyber research showed that size is a significant factor in businesses’ approach, and exposure, to cyber-security. Smaller businesses – such as smaller retailers – are particularly vulnerable: they have limited knowledge about cyber security and have limited resources and processes in place to address cyber security risks.

Protecting you and your customers

Frank Woods, retail insurance expert at NFU Mutual, said the growing risk of cyber crime is one which the retail industry must see as a priority.

“More and more small to medium sized retailers are enthusiastically joining their larger counterparts in the world of online selling,” he said. “But in the rush to beat the competition by offering more ways for customers to interact and buy from you it’s important that you don’t do anything which could jeopardise their information or your business.”

Frank offers the following advice to retailers

  • Ensure you have the right processes and technology in place which are designed to not only prevent cyber attacks but also to deal with the effects during and after any attack
  • Make cyber security a priority for everyone in the business — this means the board or senior managers should play an active role in minimising risks and there should be investment in effective training and ongoing awareness programmes to keep staff involved in protecting the business
  • Consider the cyber security in place throughout your supply chain to ensure any weak links are addressed
  • Don’t just wait until you become aware that a cyber attack is happening. You should be proactively looking to detect breaches or any weaknesses in your systems, and practising how you will respond to breaches
  • Make sure you have adequate insurance in place. Data breaches can result in fines and reputational damage, while attacks can shut down your business
  • Your insurer should not only cover the financial losses but should provide expertise in dealing with all aspects of cyber crime.