Managing cyber risk in retail: A winning strategy

08 March 2017

Information is power. As retailers, you have an enviable volume of data at your fingertips. By analysing this data you can make strategic decisions to enhance the customer experience, from personalised offers and recommendation engines to the development of new products. Customers no longer get excited about personalisation; they expect it.

And the situation gets more complicated. No longer is retail confined to bricks-and-mortar. Customers are increasingly embracing omnichannel shopping; our latest Total Retail research shows that just under 40% of UK shoppers now purchase goods through their mobile devices on a monthly basis or more frequently. It seems that m-commerce is on the march to becoming the shopping channel of choice. Whilst innovation in technology certainly brings exciting possibilities for the sector, offering retailers more ways to connect and engage with customers across devices (via mobile, tablet, PC, wearable technology, virtual and augmented reality), the use of new technologies and multi-device log-ins also brings fresh security threats from new angles.

With so much personal data now shared across so many channels, ensuring you keep your customers’ data secure is one of the most important business challenges to address. Your brand reputation is only as safe as your data, and employee and customer records remain top targets for cyber-attacks. Cyber security is at the front of your customers’ minds; 60% of consumers in our 2016 Total Retail survey expressed concerns over having their personal credit card information hacked whilst using a mobile device.

The importance of trust cannot be overstated. Our latest Total Retail survey shows that 59% of consumers will only shop with companies they trust as a way to prevent security problems and fraud whilst shopping online. A further 57% will only use payment providers they trust, such as PayPal. It is therefore imperative that current and prospective customers can trust your brand with their personal data.

Unfortunately, as the amount of data handled increases, so does the number of threats. PwC’s annual Global State of Information Security Survey 2017 found that organisations in the retail and consumer sector suffered on average over 4,000 security incidents over the preceding 12 months. 16% of organisations surveyed suffered losses of over $1 million as a result of these incidents. Because of these threats, many retailers and consumer companies are looking at new ways to protect their data, including point-to-point encryption, next-generation firewalls and tokenisation.

But cyber security is not just about investing in technology. It also involves investing in people, information, processes, culture and the physical environment. A human factor is often the cause of a breach – the GSIS Survey showed that 33% of security incidents involved phishing emails and that it is often a junior, non-technical employee who is vulnerable.

It’s therefore important to look beyond the IT department and bring together cross-functional teams across legal, risk, change management, marketing and human resources to create a holistic approach to managing cyber security.

The whole organisation should be engaged on cyber security. The key is to move beyond a technology-only approach to managing cyber security risks and towards a culture geared to managing risk across the whole business. Be sure to ask yourself if, and where, your approach to cyber security could be putting your reputation at risk. Taking a holistic approach to managing cyber risk helps bring peace of mind for you and your customers and, ultimately, protects your company’s future growth, reputation and brand equity.

Craig Skelton | Assurance Partner
+44 (0)207 804 9418