The cyber-threat to the retail industry is significant and growing. Our Crime Survey 2019 reported that although retailers are spending 17% more on cybersecurity than last year, nearly 80% of those surveyed have seen an increase in the number of attacks and/or breaches.

The financial consequences of a cyber-attack can be huge and retailers, of all sizes, need to ensure they can effectively respond to and recover financially from a cyber-breach if the worst should happen.

Why is the retail industry at such risk?

Retailers are very tempting targets for hackers because of the sheer amount of business being done and the scale of systems and data being held.

Retailers are investing in and bolting on new tech at significant rates to help streamline and speed up their business processes and customer buying journeys, heightening the risk of importing unknown vulnerabilities.

Retailers are also holding increasing amounts of personal data in line with the drive for greater customer personalisation.

The combination of more data, large-scale systems and the accumulation of new technology at speed means retailers are a prime and often vulnerable target.

What are the financial impacts?

The financial costs of a cyber-attack can be huge. It’s worth thinking about them in a couple of ‘buckets’. Sales will be affected if systems need to be switched off in the event of a breach. With hackers targeting retailers at peak trading points in the year, including Christmas and, increasingly, Black Friday, the impact on annual turnover can be significant.

There are also costs associated with reporting the breach and legal representation, as well as potential fines from the Information Commissioner’s Office, which can be up to 4% of global turnover.

A major breach can also have wider implications for both the immediate and future financial health of the business, with a drop in both share price and potential custom resulting from the reputational fall-out. Reputation can be the most valuable commodity: the future of retail looks to be increasingly personalised and web-enabled, and the licence to innovate, and survive, is in part tied up with your consumers’ willingness to share their data in return for better products, services and prices.

TalkTalk were efficient and effective in responding to their cyber-breach. But it still cost them £77m, a 10% drop in share price in 2 days and the loss of 90k customers.

Understand the threat and response

The days of cyber-security being the reserve of IT departments are over. Businesses need to think differently.

Retailers, in particular, need to understand the nature of the threats they face and how to secure their most valuable assets.

It’s the collective responsibility of the Board to ensure they have taken all possible preventative steps and have a robust plan in place to respond if the worst should happen.

With the financial risks and consequences so high, finance leaders need to be at the very centre of business preparedness and planning for a cyber-attack.


James Martin // Crime and Security Advisor // BRC

Get free advice and guidance - Join Our ROUNDTABLE 23 OCTOBER

We’re joining together with Lloyds to help you understand and manage your financial exposure to potential cyber-attacks.

Join our upcoming roundtable with myself and Giles Taylor, Head of Data and Cyber Security, Lloyds Commercial Banking Services, to get practical expert advice and guidance on the strategies and tools you can put in place to effectively prepare for, respond to and recover financially in the event of a cyber-breach.

You can register here