Cyber attacks on retail double
The number of retail businesses reporting cyber security breaches has doubled in just one year, fresh data shows.
The number of reported attacks received by the Information Commissioner swelled from 19 in between 2015 and 2016 to 38 in from 2016 to 2017, City-headquartered law firm RPC found.
RPC said the risks involved in data breaches are increasing as retailers accumulate more personal information on their customers as part of their ‘Big Data’ initiatives.
The rise of online shopping, loyalty programmes, digital marketing and electronic receipts mean even a small retailer can be gathering the kind of data hackers are looking for.
RPC adds that the retail industry is beginning to feel the pressure to invest more heavily in cyber-security.
Jeremy Drew, Partner at RPC, said: “Retailers are a goldmine of personal data but their high profile nature and sometimes aging complex systems make them a popular target for hackers.
“There are so many competing pressures on a retailer’s costs at the moment – NMW rises, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”
RPC added that the regulatory burden and financial risks involved in a data breach will increase substantially when the General Data Protection Regulation (GDPR) comes into force in May 2018. These rules will make reporting breaches mandatory.
Jeremy Drew added: “As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained.
“No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”
