How to navigate retail’s changing cyber threats


This article is brought to you by Retail Technology Review: How to navigate retail’s changing cyber threats.

Simon Hughes, SVP, Global Distribution & General Manager Cowbell UK, explores the evolving cyber threats facing retailers, and how to proactively safeguard operations and maintain customer trust in an interconnected digital landscape.

We’re all aware that the retail sector is changing, and changing fast. But the past half year or so in particular has played witness to some huge evolutionary shifts, seeing technological dependence and cybersecurity vulnerabilities go hand-in-hand.

On the one side, retailers’ heightened reliance on technology, both in physical stores and online platforms, has been giving them that much-needed competitive edge in an increasingly digital market. From the seamless interface of e-commerce websites to the widespread adoption of digital payment methods and QR codes, technology has become the backbone of modern retail operations. And of course, the integration of AI has fuelled this shift even more so, revolutionising inventory management, delivering hyper-personalised customer experience, and even providing frontline assistance through chatbots.
On the other side, however, with greater dependence on technology comes greater susceptibility to its pitfalls. Any disruption or compromise in these technological systems could spell considerable loss of profits and irreversible damage to a retailer’s reputation. And we’re not just talking about system failures here. 
In the last 12 months alone, giants in the sector including Vans, Fujitsu, Sony and Forever21 have all fallen victim to a cyberattack - and those are just the ones making the news. According to the British Retail Consortium’s 2024 Crime Survey Report, 57% of retailers reported an increase in cyberattacks and breaches, and at least 90% have now reported that cyberattacks have either stayed the same or increased every year since 2015. 
As well as the emergence of ransomware attacks and the tactic of double extortion - whereby attackers not only encrypt critical data but also threaten to expose it unless a ransom is paid - some of the biggest failure points we’ve seen revolve around a heavy reliance on payment processors, susceptibility to data breaches through third-party processors, and the vulnerability to supply chain disruptions.
The rapid increase of just-in-time supply chains in particular has heightened the dependency of retailers on third-party logistics partners. A failure within this network can have far-reaching consequences, disrupting the flow of goods and leading to delays in deliveries, stock shortages, and ultimately, dissatisfied customers.
As the global ecommerce market continues to strengthen, we’ve also seen an increased reliance on single e-commerce platforms, which has introduced a potential single point of failure for businesses. With cash transactions becoming increasingly rare, any outage in payment processing systems, whether online or in-store, could also significantly impede sales and tarnish customer experiences. In fact, according to research by BridgerPay, 62% of customers who experience payment failure during the course of a transaction won’t return to it – or the business.

Prevention, protection and recovery

Whether businesses are online, offline or omnichannel, smaller independents or larger retail consortiums, it’s clear that more vulnerabilities than ever before are being brought to retailers’ tables. 
However, tasked with learning how to stay competitive in uncertain times, the retail sector should be celebrated for being at the forefront of harnessing change through the adoption of tech-powered solutions - despite the fact it amplifies the risk of attack. But robust measures need to be put in place to prevent and protect against cyber-related incidents, or the risks to these changemakers will only grow.
Despite the fact the BRC found that expenditure on cybercrime prevention was £177 million, up by 17% (£25 million) from the previous year - almost the highest ever and representing 15% of all expenditure on crime prevention - the vast majority of businesses remain woefully unprepared.
A recent survey showed that 77% of UK SMEs do not have any in-house security; only 19% have a cyber incident response plan in place; 32% of CEOs were confident a cyber attack would not impact their ability to do business; and 87% did not consider reputational damage as a significant risk to business.
So what exactly should retailers be proactively doing now to ramp up their prevention, protection and recovery tactics?

Step-by-step guide to establishing - and maintaining - good cybersecurity hygiene

  1. Understand risk exposure: Only by clearly understanding their risk exposure can retailers develop targeted strategies to bolster their defences and mitigate potential cyber threats. This is where a comprehensive risk assessment comes in - which will help identify potential vulnerabilities across operations, including online platforms, payment processing systems, supply chains and customer data management processes.

  2. Invest in cybersecurity infrastructure: This means implementing state-of-the-art security measures to protect customer data and transaction integrity, including deploying robust firewalls, encryption protocols, and intrusion detection systems. Regular security audits are essential to proactively identify and mitigate potential threats, ensuring a secure shopping experience for customers and safeguarding the retailer against cyber attacks.

  3. Create an Incident Response Plan (IRP): An IRP outlines procedures and protocols to be followed in the event of a cyber incident. This ensures that retailers can respond effectively and resume operations quickly after an attack, minimising downtime and protecting customer trust.

  4. Offer cybersecurity awareness training: One of the best ways to build a strong human firewall against cyber threats is through education and training. Whether it be phishing attempts, malware or another threat, if retail staff know how to recognise and respond to them effectively, the likelihood of successful attacks will be greatly reduced.

  5. Establish strategic partnerships with trusted cybersecurity vendors: Whether it’s industry associations, crime prevention agencies or cyber insurance providers, they can all provide retailers with access to expert guidance. Alongside creating a financial safety net, cyber insurance providers, for example, offer cybersecurity experts who know exactly how to handle cyber attacks. So, should a retailer be hit with an attack, rather than having to face uncharted waters, dealing with legal, regulatory, and reputational challenges, they instead have access to a pool of experienced professionals who can handle the claims process, offer insights and guidance, and help navigate incident response and recovery. Most cyber insurance providers also offer free risk prevention services with the purchase of their policy. These services encompass a range of proactive measures such as vulnerability assessments, threat intelligence, and cybersecurity training.

  6. Continuously monitor and adapt: Finally, it’s important to remember that cyber threats are constantly evolving, which means retailers need to adopt a proactive and adaptive approach to cybersecurity. Implementing continuous monitoring mechanisms, threat intelligence feeds, and real-time analytics can help retailers detect and respond to emerging threats swiftly, minimising the potential impact on their operations and customers.

Whether we embrace it or not, the retail sector is becoming increasingly digital and interconnected by the day - and with it, cyber threats are only rising. Adopting this holistic approach to prevention, protection, and recovery is the best way to face this challenge, and allows retailers to reap the benefits technology offers.
