THE RETAIL BULLETIN - The home of retail news
Department Stores
Shopping Centres & Retail Parks
Home & DIY
Health & Beauty
General Merchandise
Sports & Leisure
Retail Solutions
Food & Drink
Cybercrime: A growing threat to retailers

Retailers are becoming increasingly susceptible to the growing threat of 'cybercrime' - the use of computer technology to commit illegal offences, usually with the aim of obtaining a pecuniary advantage. By Joseph Jackson, Bird & Bird LLP


Cybercrime: A growing threat to retailers

In August, the Cabinet Office announced that 93% of large corporations and 87% of small businesses in the UK suffered a cybersecurity breach in the last year. Considering that these figures only address reported cyber-attacks, the scale of the problem is certainly a cause for concern. Retailers should be aware of this threat and the legislative measures currently being considered on cybersecurity in Europe. 

The impact of cybercrime
Estimates of the annual global cost of cybercrime range from £44 billion - £253 billion, with the British Retail Consortium estimating the cost to the UK's retail sector as £205.4 million.

Retailers that have experienced a major cyber-attack will be aware of the damage that can be caused. Business interruption, theft of trade secrets, misappropriation of finances, loss of customer data and damage to reputation are all risks for retailers with inadequate cyber resilience.

New regulation?
Policymakers in Europe are currently considering laws that would set a common standard of network security. In February this year, the European Commission published a draft Directive on cybersecurity ("the Directive") which includes the following key proposals:

*Certain businesses and organisations would be required by law to take appropriate technical and organisational measures against cyber risk and report incidents that have a 'significant impact' on their core services. This could apply to some retailers – see 'Will the Directive affect Retailers?' below.

*EU Member States would be obliged to adopt a national strategy on cybersecurity, establish a national authority for monitoring compliance with the Directive and set up a 'Computer Emergency Response Team' to assist in monitoring and handling cybersecurity incidents.

*Processes would be established to facilitate the exchange of best practices and early notification of cyber-incidents between Member States. The Directive also envisages Member States agreeing coordinated responses to cyber-attacks.

Will the Directive affect Retailers?
Early indications suggest that retailers with an online sales presence may be in the Directive's cross-hairs. It is envisaged that the Directive will not be applied to so called 'microenterprises' - businesses with fewer than ten employees and with an annual turnover of €2 million or less – though businesses to which this exemption applies may still find themselves having to comply with the Directive as obligations are flowed down through their supply-chain.

The future
Whilst implementation of the Directive appears some way off, retailers should be aware that their businesses could be subject to regulation on cybersecurity in the future. To the extent possible, retailers should consider 'future-proofing' their security processes against the impact of future regulation, at a technical operational and legal level by taking expert advice.

Finally, the retail sector as a whole should consider whether it can help shape the outlook of future regulation on cybersecurity. Member States are currently consulting on the implementation of the Directive and it may be that retail organisations can use this opportunity to feedback on the proposed legislation.

Email this article to a friend

You need to be logged in to use this feature.

Please log in here

Subscribe For Retail News


Retail Human Resources Summit
Retail Human Resources Summit
Wednesday 3 October 2018
The Cavendish Conference Centre, London W1
The 10th HR Summit 2018, The Cavendish Conference Centre, London W1, 3rd October 2018
The Retail Design Summit 2018
The Retail Design Summit 2018
14 November 2018
The Cavendish Conference Centre
The Retail Design Summit 2018
Omnichannel Futures Conference 2019
Omnichannel Futures Conference 2019
6 February 2019
Cavendish Conference Centre, London WG1 9DT
A truly omnichannel offering requires an understanding of customer behaviour across all shopping channels and how this should impact your overall business strategy
Customer Engagement Conference 2019
Customer Engagement Conference 2019
5 June 2019
Cavendish Conference Centre, London W1
The 10th Annual Retail Customer Engagement Summit
National Minimum Wage Breakfast Briefing
National Minimum Wage Breakfast Briefing
20 September 2018
6th Floor 1, St. Martin's Le Grand London, EC1A 4AS
National Minimum Wage Breakfast Briefing