The BRC has today launched a cyber security ‘toolkit’ that will provide retail businesses of all sizes with a practical, step-by-step guide to prevent and manage cyber security threats and protect the customers they serve.
The BRC Cyber Security Toolkit, launched in London today by the BRC and Home Office Minister Sarah Newton MP, is the first of its kind. The toolkit aims to provide retailers with practical guidance to ensure they have the appropriate preventative and response measures in place to reduce their vulnerabilities and to protect both themselves and their customers.
Sarah Newton MP, Minister for Vulnerability, Safeguarding and Countering Extremism launches the Toolkit:
For retailers, the online market has seen huge growth in recent years with online sales growing by around 10 to 15 per cent each year. The same period has seen the parallel rise of ever more elaborate forms of cyber-related crimes such as ‘doxing’, ‘whaling’ and ‘spoofing’ against both retail businesses and online shoppers. In developing this toolkit, the BRC and its members were driven by a desire to keep pace with the evolving risks associated with operating online and also to ensure they meet customer expectations around the protection of personal data.
The toolkit’s recommendations to retail businesses include: establishing cyber security as a board level issue, retail-specific information-sharing, completing a cyber security risk assessment, and creating an incident response plan. The toolkit also provides a guide to preparing, responding, recovering and reviewing attacks.
Consumers spend approximately one in four pounds online. According to the BRC Annual Retail Crime Survey 2016, an estimated 53 per cent of reported fraud in the retail industry is cyber-enabled, which represents a total direct cost of around £100 million.
HUGO ROSEMONT, POLICY ADVISER ON CRIME & SECURITY AT BRC, SAID:
“The UK is one of the leading e-commerce markets in the world. The BRC Cyber Security Toolkit is designed to equip British retailers with the know-how, guidance and practical support that will help the industry stay ahead of the ever evolving threats posed by cyber-related criminality. All parts of the retail industry have a large and growing stake in keeping customers safe and secure, and the industry is committed to ensuring the strongest possible measures are in place – all the way through from prevention to incident response.”
Sarah Newton, Minister for Vulnerability, Safeguarding and Countering Extremism said:
“Crime is changing and so the way we all work to tackle it must change too.
“We are already taking world-leading action to stamp out cyber crime and fraud, including investing £1.9 billion in cyber security over five years. But as we have said, the Government cannot do this alone.
“Businesses have a responsibility to take steps to protect themselves and their customers, which is why we are delighted that the BRC has introduced their Cyber Security Toolkit to help retailers to do so.”
DR IAN LEVY, TECHNICAL DIRECTOR AT THE NATIONAL CYBER SECURITY CENTRE, SAID:
“The retail sector is vital to the UK’s economic well-being and both the sector and its supply chain are increasingly reliant on online safety and security.
“The NCSC is delighted to be working with the BRC in finding innovative ways to make the UK a safe place for citizens, e-commerce, small businesses and large chains to do retail business online.
“We are committed to giving individuals and businesses of all sizes confidence to deliver success in our increasingly digitalised economy, and were pleased to support the development of this toolkit.”
The BRC Cyber Security Toolkit is available to download:
Notes to Editors
- The Cyber Security Toolkit for retailers was developed under the auspices of the BRC’s Fraud and Cyber Security Member Group and has benefitted from formal and informal consultation.
- Consumers spend approximately one in four pounds online: BRC- KPMG Online Retail Sales Monitor February 2017
- The BRC Annual Retail Crime Survey 2016 is here: http://brc.org.uk/media/116348/10081-brc-retail-crime-survey-2016_all-graphics-latest.pdf An estimated 53 per cent of reported fraud in the retail industry is cyber-enabled, which represents a total direct cost of around £100 million. Representing around 15% of the total cost of retail crime, cyber-enabled fraud covers traditional categories of deception (such as scams or other forms of social engineering) which, according to the Government’s definition, can be increased in scale through the use of computers or other information and communications technology (ICT). Cyber-crime, by contrast, are crimes (such as hacking to steal data) that can be committed only through ICT. As a conservative first estimate, this latter category represented a direct financial loss to the retail industry of around £36m in 2016.
- For detail on the character of threats including doxing, whaling and spoofing, the BRC Cyber Security Toolkit contains a Glossary of Cyber Security Threats and Terminology (pp.39-40).