In the last several years, retailers have increased the speed with which they have built online and mobile app presence. With this evolution into digital sales and the increased use of data mining, retailers are facing unprecedented challenges in digital security. Cyberattacks and network outages can disrupt operations and erode customer loyalty.
This article delves into the evolving threat landscape, examining the impact of these disruptions on retail operations and exploring proactive measures for safeguarding businesses, customer data and reputations.
The Evolving Threat Landscape
Retailers increasingly rely on digital platforms for sales, inventory management and customer engagement. A network outage can mean lost sales in the short term, as shoppers simply move to another brand for that purchase, or losses in the long term if that customer does not return. A cyberattack that compromises customer personal information can diminish the trust consumers place in a brand.
Similarly, a ransomware attack can involve not only customer data but also brand secrets that could lead to loss of competitive edge. In addition to revenue and reputation impacts, there are costs involved with breaches, from identity theft notification to fines, penalties and potential lawsuits. A study by IBM Security found that the average cost of a data breach in 2023 was $4.24 million, underscoring the significant financial impact of such incidents.
Advertisement
To combat these challenges, retailers must adopt a multi-faceted approach to cybersecurity. This includes implementing robust security protocols, regular system audits, employee training and investing in advanced cybersecurity technologies.
Robust Security Protocols
Retailers should establish and maintain strong security protocols such as:
- Secure socket layer (SSL) encryption
- Firewalls
- Systems intrusion detection systems
- Multi-factor authentication protocols
- Complex password requirements
- Segmentation of systems
By implementing a segmentation and access control policy, retailers can ensure that devices and users only access systems and data appropriate for their role. In the store environment, retailers need to evaluate the physical security of POS terminals and self-scanning technology. All these measures can help protect against unauthorized network access and data breaches.
Regular System Audits and Risk Assessment
Conducting regular audits of systems will help identify and address vulnerabilities before they are exploited by cybercriminals. Some cases in point include:
- In 2013, Target experienced a data breach where hackers accessed their customer credit card information by exploiting a weakness in the HVAC system’s network connection.
- In 2014, cybercriminals used a third-party vendor’s credentials to enter Home Depot’s network and deployed malware on the self-checkout systems to steal customer information.
Vendor audits and risk assessments could have identified the risk posed by third-party software integrations and network access points, which could have prevented these types of breaches.
Employee Training
Avoiding human error is often the first line of defense against cyber threats. Providing regular employee training on cybersecurity best practices, such as recognizing phishing attempts, is seen as industry standard in avoiding breaches. A recent Gartner survey highlighted critical aspects of how current cybersecurity employee training may not be enough.
- 69% of employees had bypassed their organization’s cybersecurity guidance in the past 12 months.
- 74% admitted they would ignore cybersecurity practices if it helped them achieve a business objective.
Training is needed that goes beyond stating rules and consequences. It should also be focused on ethical considerations as well as emphasizing the impact of cybersecurity breaches on personal and professional relationships.
Advanced Cybersecurity Technologies
Investing in advanced technologies like artificial intelligence (AI) can help in the early detection and response to cyber threats by analyzing patterns to predict potential breaches. According to a McKinsey & Company report, the integration of AI-driven security systems in retail has brought about a notable decline in the incidence of cyberattacks.
While the report primarily focuses on how AI can optimize store layouts and marketing strategies, there is an underlying message on data security. The report discusses how digital solutions like AI and machine learning not only enhance operational efficiency but also fortify cybersecurity measures.
Retailers can further reduce risks by:
- Procuring cyber liability insurance coverage to transfer some of the risk.
- Conducting a third-party audit of cybersecurity protocols.
- Ensuring business continuity plans include appropriate responses to network outages, breaches and ransomware attacks.
As the retail industry continues to navigate an evolving digital landscape, the importance of robust cybersecurity measures is key. Understanding the threats, assessing the potential impacts and implementing a comprehensive strategy can safeguard operations, protect customers and maintain reputations. This proactive approach to cybersecurity is an essential component of sustainable business practice in the landscape today.
Amy S. Mattle is Retail and Distribution Leader – North America and Global Client Advocate at WTW. She has worked with several global companies focusing on risk management strategy. Her team consists of over 50 brokers, service specialists and consultants focused on risk management and insurance for the retail, wholesale and distribution of consumer goods. Mattle’s background is in servicing Fortune 1,000 multi-national accounts on property, casualty and executive risk lines, including cyber, in the retail and wholesale space. Her expertise includes risk management consultation, strategy and placement of global risk financing programs, risk management program design, coordination of loss control, claims management and overall account services across all lines of insurance and areas of consultancy. She has her Associate in Risk Management (ARM) designation and holds a Master’s in Business Administration with an emphasis on Strategic Management from St. Mary’s College of California.
