The retail industry is being increasingly targeted by cyber-attacks, according to legal experts.
According to data from the Information Commissioner’s Office, the number of retail businesses reporting data breaches has doubled in the past year, rising from 19 cases in 2015/16 to 38 in 2016/17.
London law firm RPC claimed that the risks involved in data breaches were increasing because retailers were accumulating more and more personal information from customers as part of their ‘big data’ initiatives.
The rise of online shopping, loyalty programmes, digital marketing and digital receipts, it said, meant that even small retailers were now gathering information that hackers are seeking.
However, RPC argued that the retail industry is now beginning to feel more pressure to increase investment in cyber-security, particularly with the General Data Protection Regulation (GDPR) coming into force in May 2018.
The GDPR will introduce rules that would make reporting breaches mandatory, increasing the financial risks involved in data losses.
Jeremy Drew, partner at RPC, commented: “Retailers are a goldmine of personal data but their high profile nature and sometimes ageing complex systems make them a popular target for hackers.
“There are so many competing pressures on a retailer’s costs at the moment – National Minimum Wage rises, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”
As reporting data breaches is not currently mandatory, Mr Drew claimed that the actual number of breaches is likely to be even higher.
He added: “As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained.
“No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”
Ryan Wilk, vice-president for consumer success at NuData Security, said: “In today’s online, big-data-driven economy, retailers have never been privy to so much sensitive customer information. Even things that might seem relatively benign on the surface can be used for malicious purposes, or can be used in social engineering or phishing tactics in order to gain more dangerous information. For this reason, all organisations need to make the protection of customer data a priority, and need to move past the password authentication model and embrace a model that engages with passive biometric solutions, which provide customers’ data with extra layers of protection, without creating any excess customer friction.”