
Protect Your Retail Business from Cyber Crime


Today’s digital technologies allow retail businesses to create in-store management efficiencies, and to connect online with customers around the globe. But those same technologies can make retailers vulnerable to cyber risks — risks that can fatally damage the overall health of your brand and business.

While in-store computer systems and consumer-facing websites are a boon for retailers and their customers, the data they collect and maintain — credit card numbers, personal addresses, and other types of sensitive information — makes them a target for cyber crime.

With this increasingly sophisticated and growing cyber risk come obligations: to your customers’ privacy, and to keep up with a multitude of global and local regulations governing those obligations.

Despite the best intentions of a retail entity, cyber breaches can happen. Here’s a primer on cyber crime — and some tips on how retailers can mitigate that risk.


Retail Data Security Dangers in Brief

To cybercriminals, data is profit. Hackers use vulnerabilities to gain access to a system, using methods and software that are ever changing and ever more sophisticated. Here are a few terms that retailers should know:

  1. Phishing — One of the simplest and most common cyber crimes, this relies on an employee clicking into a phony email. This then releases malicious software (malware) and allows bad actors to access the company’s systems.  

  2. Distributed denial-of-service (DDoS) attack — Also employing the use of malware, these attacks overload and shut down a retailer’s website to enable access to the system and its data.

  3. Ransomware — Software released into the system to shut it down and take it “hostage.” The cyber criminal then demands ransom (generally in untraceable cryptocurrency) in exchange for providing a key to “release” the system.


What all of these have in common is that they disrupt business and can cost retailers hundreds of thousands of dollars in lost revenues, legal expenses, fines, and reparation costs. Reparations usually necessitate not only technical and financial experts, but also public relations professionals, because of the potential damage to customer trust and brand loyalty. In all, the resourcing and the expense can be enough to seriously cripple or even shut down a retail business.


For more key cyber security terms, check out Cyber Security Terms You Need To Know. 



Cyber Security Risk Management Advice for Retailers

Of course, the best defense against cybercrime is to be on the offense. Here are some tips to protect against this ever more present and growing threat:


  1. Diligently manage your data

    Create a data map and a data retention policy that allow employees to understand what data your organization collects and maintains, how long it should be kept, etc. This is crucial information for risk assessment and, in the event of a breach, a critical part of a cyber response plan.

  2. Secure your network

    You have an obligation to take defensive measures to protect your retail systems and your customers’ personal and financial information. Data security measures include: installing two-factor authentication for employees and customers; using chip-enabled card technology; and employing end-to-end encryption.

  3. Understand the regulatory landscapes

    A retailer’s regulatory burden can be complex and varies greatly depending on the products, the physical locations of the business, and where its customers are located. Globally, the regulations are changing as quickly as the cyber threats. Understanding the specific laws and regulations to which your operation is subject is critical to ensuring compliance and avoiding sanctions or fines. 

  4. Choose your vendor partners carefully

    Outsourcing part of your operation may not outsource your liability. If your vendors are exposed, you may be exposed and ultimately liable for any loss, so it is important to choose partners who demonstrate strong cyber vigilance and who invest in a comprehensive cyber insurance policy. 

  5. Educate your employees

    The majority of retail cyber breaches originate internally. Poor employee cyber hygiene — like repeating passwords, email laxity, and failure to use a secure internet connection — is a proven cause. Written and enforced cyber security policies and regular staff training can greatly lower this risk.

  6. Have a cyber response plan and team in place

    When the worst happens, knowing what and who your resources are can mean the difference between quick and efficient response time, and excessive business days and profits lost. The response team may be both internal and external — I.T. staff, risk manager, cyber response consultant, forensic accountant, insurer, crisis P.R. team, etc. 

  7. Invest in cyber insurance with an expert partner

    A global insurance company with both retail and cyber expertise can help assess and manage your risk, customize a policy aligned with your business, understand local regulations, provide resources to train your employees, connect you to cyber response and reparation professionals — and, of course, mitigate any business losses or expenses.


Learn more about Chubb’s retail and cyber capabilities and resources. 



All content in this material is for general information purposes only. It does not constitute personal advice or a recommendation to any individual or business of any product or service. Please refer to the policy documentation issued for full terms and conditions of coverage.
Chubb European Group SE (CEG) is an undertaking governed by the provisions of the French insurance code with registration number 450 327 374 RCS Nanterre. Registered office: La Tour Carpe Diem, 31 Place des Corolles, Esplanade Nord, 92400 Courbevoie, France. CEG has fully paid share capital of €896,176,662. UK business address: 100 Leadenhall Street, London EC3A 3BP. Authorised and supervised by the French Prudential Supervision and Resolution Authority (4, Place de Budapest, CS 92459, 75436 PARIS CEDEX 09) and authorised and subject to limited regulation by the Financial Conduct Authority. Details about the extent of our regulation by the Financial Conduct Authority are available from us on request.
