It is an incredibly tough time for retailers across the world. Traditional brick-and-mortar stores are battling high rents and falling customer spending. Experiences are becoming more important than the transaction itself. Technology is disrupting the entire industry, and economic volatility is keeping owners awake at night.
As margins become even tighter, cybersecurity may slip off the radar completely. But with financial risk, data theft, and reputational damage at stake, retailers are in desperate need of a wake-up call before it’s too late. It’s a global problem, and there have already been several high-profile attacks this year.
For example, Fast Retailing Co., Asia’s largest retailer, revealed that over 460,000 user accounts were hacked on its Uniqlo Japan and GU Japan portals. According to Alert Logic’s cybersecurity report, retailers have become prime targets for cyber-attacks.
Cybersecurity risks for retailers
Point-of-Sale (POS) systems are often one of the weakest points of entry for hackers. A lack of point-to-point encryption (P2PE), combined with missed security patches and outdated operating systems, leaves retailers incredibly vulnerable. The most famous example was the hacking of Target’s POS system. Over 70 million customers’ debit and credit card numbers were compromised.
Despite improvements to cybersecurity in retail and the automation of data backups, ransomware attacks are still on the increase. Once again, retailers are a huge target, and attacks are expected to cost between $85 billion and $193 billion globally.
We are living in a digital age where retailers are trying to deliver real-time personalization to provide customers with superior customer experiences. But to do this, they are capturing as much consumer data as they can. Anyone who has seen the Spider-Man movies will know that with great power comes great responsibility. Retailers need to step up and accept the importance of safeguarding the vast quantities of data that they have captured.
Despite the increasing threat levels, many leaders still struggle to see the ROI when it comes to increasing IT funding or partnering with providers of retail cybersecurity software. With a long list of conflicting priorities, it can be challenging for leaders to see the value in protecting against something that might not happen.
The human factor
To further complicate matters, technology is only part of the problem. Frontline staff interact directly with customers, cash, and technology every day. But very few retailers invest the time to educate their people about cybersecurity risks. Although the industry is known for having a high turnover of staff, there is an opportunity during the onboarding of new employees to help them spot suspicious activity.
Retail employees and temporary staff have minimal experience with social engineering attacks or knowledge about the dangers of using email for sending sensitive data. That’s before you reach other common breach tactics, such as phishing emails and ransomware. But imagine how many attacks could be prevented if retailers educated their staff about the dangers they will face.
Since its arrival in 2018, GDPR has forced every business to take its strict new legal obligations seriously. The penalties for not having a cybersecurity data breach plan and for not notifying customers within 72 hours of any breach can reach up to 4 percent of annual global turnover.
For example, an attack on the British Airways website resulted in 500,000 customer records being compromised due to inadequate cybersecurity measures. The attack resulted in the biggest GDPR fine to date: £183m (€204m, $229m), or 1.5 percent of BA’s worldwide turnover at the time of the breach.
Retailers collect, access, and use vast amounts of personal data, both online and offline. Some have been accused of gathering information without providing a clear reason for needing it, but GDPR compliance has changed all of that. Customers are becoming more aware of the importance of online privacy. As perceptions change, GDPR is attempting to bring greater trust and transparency.
Why you’re right to be cautious
Under the hood of every retailer, you will find a series of complex networks transporting a phenomenal level of business-critical data in real time. Everything from purchases, stock levels, and marketing campaigns to the personal details of its customers will be stored online. If any of these data streams become compromised, it could cause irreparable damage within minutes.
Consumers are beginning to demand mobile and digital experiences as standard. These expectations will require the implementation of even more emerging technologies to deliver real-time personalization and hassle-free, frictionless shopping. IoT sensors and voice assistants will be capturing even more data to add to the growing list of responsibilities.
Every retailer will inevitably evolve into a tech company. But all of your work could be undone with an unexpected and catastrophic data breach. However, as breaches become more commonplace, it’s not the attack itself that should concern retailers; it’s how long it goes undetected that will cause the most damage.
There are many reasons why retailers need to wake up and take cybersecurity seriously. Ultimately, they will be judged by how quickly they respond to a breach and what plan they have in place once it has been identified. If you are unsure about how you would respond to a hack, you need to have a strategy in place, sooner rather than later.