By James Martin, Crime and Security Adviser, BRC

Every link in every retailer’s business uses its cyber security capabilities in some way. Knowing what customers will want to purchase and when comes from high-quality insight work based on accurate data. Having the right staff in the right location and with the right skills places a premium on a host of HR systems and capabilities.

Consequently, getting IT capabilities in general and cyber security right is mission critical for many retailers. As our own analysis shows, consumer behaviour is driving the industry towards ever more effective ways of applying its cyber capabilities: the BRC-Google Online Retail Monitor, published on 4th August, showed that search volumes maintained year-on-year growth of seven per cent in the second quarter of 2017 with search volumes on smartphones up by over 25 per cent in 12 months.

On the vast majority of occasions, the systems work securely and effectively, keeping the customer experience smooth and safe. But protecting that environment is central to retaining customer trust and demand and, ultimately, company value. Research earlier this year by Oxford Economics found the costs of successful cyber-attacks go well beyond the direct losses to include the company’s share price. Across the severe cyber breaches studied the average fall in share price the following week caused directly by the breach was 1.8 per cent. In one example, total share value fell by 15 per cent following an attack and its consequences.

To help our members meet those challenges, we’re proud to work with key private, public and not-for-profit sector partners to play our role in that continuing development. We set up the Cyber Security Student Challenge to generate fresh thinking on these issues. We asked students at UK based higher education establishments to identify the key future cyber-security challenges for retailers and, perhaps most importantly, to suggest solutions. The response was excellent with the entries showing considerable thought, innovation and problem-solving. But there must always be a winner, or in this case first, second and third-placed entries, as judged by a panel of eminent cyber-security academics.

The winning entry, by Andreas Haggman, currently studying for a PhD in Cyber Security and Geopolitics at Royal Holloway, University of London, demonstrated some innovative thinking about the point of sale in “bricks and mortar” retailing, an area in which many might not see a strong cyber-security angle. But as Dr Tim Stevens of King’s College London put it, Andreas’ entry “thinks about where future threats might arise and makes concrete recommendations for improving security and practice”. As part of his prize, and as well as his financial reward, Andreas will present his paper to a meeting of the Fraud and Cyber Security Member Group.

The second placed entry, by D. Phil student Richard Hallows of the University of Buckingham’s Centre for Security and Intelligence Studies, took a wider view of the issue including consideration of the potential impact of wider infrastructure and of supplier’s businesses on a retailer’s cyber-security. Interestingly, one of Richard’s key recommendations was for greater partnership between government and businesses in this area, which Danielle Jukes, of the University of St. Andrews, also did in her third placed entry. Stronger partnership working is precisely one of the things which the BRC continues to facilitate for its members.

Each entry will be circulated to our members and we trust that, alongside the BRC’s Cyber Security toolkit, the insight they provide will help to drive even clearer thinking about how retailers make sure that their systems remain secure as they make better use of IT to service their consumers’ needs.

For more information about the BRC’s Fraud and Cyber Security Member Group, please contact