Comment: Cyber-attacks are coming your way
“We plug in anything we can to the internet. We can control our entire lives, economy and grid via a remote web control. But over the past decade, as this transformation took place, we never paused to think that we were also creating the world’s largest attack surface.”
This is the worrying backdrop Nicole Perlroth painted as she explored the world of cyber-attacks in her book ‘This Is How They Tell Me the World Ends’ that went on to win the FT Business Book of the Year award in 2021. It certainly scared lots of people and led me to believe that pretty much any internet-connected system is vulnerable to attack.
This is exactly what has played out in the world of retail. We’ve had high profile attacks on the likes of the Co-op and Marks & Spencer in recent months that brought down their systems. The reality is that this is just the thin end of the wedge, judging by figures that Huntsman Security has supplied exclusively to The Retail Bulletin.
They analysed Information Commissioner’s Office (ICO) Data Security Incident Trends from 2024 and found 1,341 data breaches relating to retailers were reported to the ICO – impacting information connected to at least 5.52 million people. As many as 86% of these retailer breaches leaked basic personal data such as name, email address, or home address, that can identify an individual.
Subscribe to TRBThis did not include information that is of a more sensitive nature but Huntsman also found that 23% of the retailer data breaches exposed data that can identify an individual. This may not be a name, but could be a customer number or username that can be combined with other information to uniquely identify a person.
These breaches were predominantly caused by brute force attacks; hardware and software misconfiguration; malware; ransomware; and phishing. This all sounds rather scary and retailers are often a prime target for attackers – as this year’s series of attacks have shown. No wonder then that as many as 58% of retail leaders regard cyber-security as a top-three threat for the year ahead, according to research from Retail Economics and Barclays Corporate UK Banking.
The research also found that only 25% of retailers feel highly prepared to detect, respond to, and recover from a cyber-incident. But Huntsman reckons they should be comforted by the fact it is relatively straightforward best practice that can protect retailers against a large proportion of breaches, and allow teams to focus on those that are the most challenging to prevent.
One way for retailers to protect themselves is to get their loyalty programmes in order, according to Dean Standing, Chief Revenue Officer at Sagacity, who says: “The more they know about an individual, the better the experience for them. However, this is something of a double-edged sword. Having this data means a customer data breach would hit members the hardest. Until now, many people have handed over data to loyalty schemes unquestioningly – but if they start to feel like retailers aren’t safeguarding their information, they will question the value of that exchange.”
Rather than collecting every item of data willy-nilly retailers should only be collecting what is necessary, safeguarding it properly, and making sure customers get something tangible in return. Moving beyond generic discounts to personalised rewards and experiences will help customers feel valued and if a breach does occur, this loyalty could at least act as something of a shield that potentially limits the damage.
Whatever shields are put in place these are certainly worrying times and retailers must continue to invest in the systems and expertise to protect themselves and their customers in an attempt to keep ahead of the attackers. Even the US Department of Defense took Perlroth’s book seriously and she moved from her job as a journalist to helping with cyber security at The Pentagon no less.
Join us at The Retail Conference on 6 November where we will be discussing cyberfraud and how to mitigate the risk and cost within retail businesses. Find out more and register for free places here
