• British Retail Consortium creates toolkit to boost retailers' cyber defences
  • National Cyber Security Centre, a part of GCHQ, also supporting toolkit
  • Last year, retailers spent £186 million on cybersecurity

As part of its strategy to increase cyber resilience amongst retailers, the British Retail Consortium (BRC) has worked alongside experts at the National Cyber Security Centre (NCSC), a part of GCHQ, to develop a new toolkit which supports business leaders take steps to reduce the threat of a successful attack.

The Cyber Resilience Toolkit for Retail is an actionable guide specifically designed for non-cyber experts, such as Board members, those in senior strategic roles, and start-up businesses. It highlights the threats faced by retailers, key questions to consider when developing cyber resilience strategies, and guidance on the types of protections retailers should implement. The toolkit outlines recommended actions for retailers in:

  • Preventing breaches through stronger protections
  • Preparation to mitigate the impact of a successful breach
  • Recovering after a cyber attack
  • Developing and embedding a positive cyber resilience culture at Board level

Retail has one of the most advanced digital offerings of any industry and has thus become one of the most targeted. Retail firms are constantly striving to improve the shopping experience and spent £186 million in the past year on deploying cutting-edge systems to protect their customers and prevent future breaches.

There has been a huge shift to online commerce since the start of the coronavirus pandemic. In May 2020, online sales counted for over a third of all retail sales (32.8%), which is a big jump from 18.8% a year earlier.

Furthermore, processes across the supply chain are being rapidly digitised and automated: from e-commerce, cloud systems and shift patterns to payroll and procurement. Greater dependence on these technologies has brought more cyber risk and hackers are becoming increasingly sophisticated in their tactics. Now more than ever, it is crucial that retailers remain vigilant and adhere to necessary security protocols to combat these emerging threats.

Helen Dickinson OBE, Chief Executive of the British Retail Consortium:
“In recent months, the use of technology in the retail industry has evolved as retailers adapt to new consumer habits and the challenges of the pandemic. Last year, retailers spent over £186 million on cybersecurity, but the growth in online selling means there is an increasing threat of new cyber breaches and sophisticated hacking techniques. As a result, retailers need to ensure their systems are watertight and up to date.

“This toolkit, developed with the input of the National Cyber Security Centre, will ensure all retailers, no matter their size or level of cyber expertise, are well-equipped to face the challenge of cyber security. This is yet another example of the BRC supporting retailers through the ongoing digital transformation. Furthermore, consumers must also play their part, and more must be done to educate the public on basic cyber hygiene so that they are able to browse and shop safely.”

Dr Ian Levy, Technical Director of the National Cyber Security Centre, said:
“We want to keep shoppers’ data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world.

“The new BRC toolkit has been written in a way that is clear and concise so that it can be understood by retailers and those with a cyber specialism.

“I urge all key-decision makers in the industry to familiarise themselves with the toolkit and act on it.”