Today’s digital technologies allow retail businesses to create in-store management efficiencies, and to connect online with customers around the globe. But those same technologies can make retailers vulnerable to cyber risks — risks that can fatally damage the overall health of your brand and business.

While in-store computer systems and consumer-facing websites are a boon for retailers and their customers, the data they collect and maintain — credit card numbers, personal addresses, and other types of sensitive information — makes them a target for cyber crime.

 

With this increasing and ever more sophisticated cyber risk come obligations: to your customers’ privacy, and to keep up with a multitude of global and local regulations governing those obligations.

Despite the best intentions of a retail entity, cyber breaches can happen. Here’s a primer on cyber crime — and some tips on how retailers can mitigate that risk.



Retail Data Security Dangers in Brief

To cybercriminals, data is profit. Hackers use vulnerabilities to gain access to a system, using methods and software that are ever changing and ever more sophisticated. Here are a few terms that retailers should know:



  1. Phishing — One of the simplest and most common cyber crimes, this relies on an employee clicking into a phony email. This then releases malicious software (malware) and allows bad actors to access the company’s systems.

  2. Distributed denial of service (DDoS) attack — Also employing malware, these attacks overload and shut down a retailer’s website to enable access to the system and its data.

  3. Ransomware — Software released into the system to shut it down and take it “hostage.” The cyber criminal then demands ransom (generally in untraceable cryptocurrency) in exchange for providing a key to “release” the system.

What all of these have in common is that they disrupt business and can cost retailers hundreds of thousands of dollars in lost revenues, legal expenses, fines, and reparation costs. Reparations usually necessitate not only technical and financial experts, but also public relations professionals, because of the potential damage to customer trust and brand loyalty. In all, the resourcing and the expense can be enough to seriously cripple or even shut down a retail business.




Cyber Security Risk Management Advice for Retailers

Of course, the best defence against cybercrime is to be on the offence. Here are some tips to protect against this ever more present and growing threat:



  1. Diligently manage your data
    Create a data map and a data retention policy that allow employees to understand what data your organisation collects and maintains, how long it should be kept, etc. This is crucial information for risk assessment and, in the event of a breach, a critical part of a cyber response plan.

  2. Secure your network
    You have an obligation to take defensive measures to protect your retail systems and your customers’ personal and financial information. Data security measures include: installing two-factor authentication for employees and customers; using chip-enabled card technology; and employing end-to-end encryption.

  3. Understand the regulatory landscapes
    A retailer’s regulatory burden can be complex and varies greatly depending on the products, the physical locations of the business, and where its customers are located. Globally, the regulations are changing as quickly as the cyber threats. Understanding the specific laws and regulations to which your operation is subject is critical to ensuring compliance and avoiding sanctions or fines.

  4. Choose your vendor partners carefully
    Outsourcing part of your operation may not outsource your liability. If your vendors are exposed, you may be exposed and ultimately liable for any loss, so it is important to choose partners who demonstrate strong cyber vigilance and who invest in a comprehensive cyber insurance policy.

  5. Educate your employees
    The majority of retail cyber breaches originate internally. Poor employee cyber hygiene — like repeating passwords, email laxity, and failure to use a secure internet — is a proven cause. Written and enforced cyber security policies and regular staff training can greatly lower this risk.

  6. Have a cyber response plan and team in place
    When the worst happens, knowing what and who your resources are can mean the difference between quick and efficient response time, and excessive business days and profits lost. The response team may be both internal and external — I.T. staff, risk manager, cyber response consultant, forensic accountant, insurer, crisis P.R. team, etc.

  7. Invest in cyber insurance with an expert partner
    A global insurance company with both retail and cyber expertise can help assess and manage your risk, customise a policy aligned with your business, understand local regulations, provide resources to train your employees, connect you to cyber response and reparation professionals — and, of course, mitigate any business losses or expenses.

Learn More: Cyber Insurance
Explore how Chubb can help protect your business from cyber risks.

This content is brought to you by Chubb Insurance Australia Limited (“Chubb”) as a convenience to readers and is not intended to constitute advice (professional or otherwise) or recommendations upon which a reader may rely. Any references to insurance cover are general in nature only and may not suit your particular circumstances. Chubb does not take into account your personal objectives, financial situation or needs and any insurance cover referred to is subject to the terms, conditions and exclusions set out in the relevant policy wording. Please obtain and read carefully the relevant insurance policy before deciding to acquire any insurance product. A policy wording can be obtained at www.chubb.com/au, through your broker or by contacting any of the Chubb offices. Chubb makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content. Readers relying on any content do so at their own risk. It is the responsibility of the reader to evaluate the quality and accuracy of the content. Reference in this content (if any) to any specific commercial product, process, or service, and links from this content to other third party websites, do not constitute or imply an endorsement or recommendation by Chubb and shall not be used for advertising or service/product endorsement purposes. ©2020 Chubb Insurance Australia Limited ABN: 23 001 642 020 AFSL: 239687. Chubb®, its logos, and Chubb.Insured.SM are protected trademarks of Chubb.
