Key strategies for retailers to weather cyber attacks


The confluence of the Covid-19 pandemic and the significant shift to online shopping led to a surge in ecommerce fraud. According to research from Statista, online shopping and auction fraud in the UK increased by 37% between the first half of 2019 and the first half of 2020. With an estimated 2.14 billion people worldwide now buying goods and services online in 2021, retail sectors will continue to be an increasingly prominent target for cybercriminals.

About the author

Jim Herbert is General Manager and Vice President of BigCommerce EMEA.

According to research from Keeper Security, 60% of respondents experienced a cyber attack last year. In March 2020, high-street pharmacy Boots was forced to suspend loyalty card payments after an attempted cyber attack which aimed to use stolen passwords to compromise customers' accounts. While any breach can be difficult for a brand to navigate, it can be particularly devastating for smaller businesses operating with lower margins. Although retailers can and should take all possible preventative measures, there is always an inherent risk to the security of customers’ accounts.

Establishing trust and building “forgivability” with consumers can protect a brand’s bottom line in the long term should something go wrong. Forgivability is achieved by continually demonstrating that the brand operates in a responsible and proactive way and that it is open about security practices. In the event that a business suffers a breach, the reputational impact on the company will likely be tempered by the perception and trust it has already built with customers and the wider public.

Consumers are generally aware that doing business in an electronic world carries a certain amount of risk. However, the question for shoppers is whether the company they have chosen to trust with their business is doing everything possible to protect their personal information. The answer to that question could be the deciding factor in whether a brand survives a breach.

Here are some of the important steps retailers can take to protect their brands against the next cyber attack and build forgivability with customers. 

Reiterate the importance of cybersecurity measures to employees 

Retailers should ensure the entire team understands the importance of cybersecurity to both the company’s reputation and financial well-being. Many organizations may choose to hire a chief information security officer (CISO); however, this is not the only person on the team who should make cybersecurity a priority. Every employee should understand the importance of protecting customers’ data and the steps required to enable strong enterprise security.

A good security culture shouldn’t rely only on the IT department; it should be a team effort. Therefore, retailers should look to adopt and implement a solid cybersecurity training program for employees. Employees are one of the most important parts of a company’s security equation; they are like the firewall against several common types of cyber attacks, including phishing and social engineering. A good security program isn’t just a combination of different cyber security tools; it is a trained team that is constantly vigilant and ready for the next threat.

Strengthen infrastructure security 

Customers are much more likely to forgive a breach if they know a company had every measure possible in place to prevent it. According to research from cyber security firm Tripwire, 78% of retailers adopted more IT security precautions for the 2020 holiday shopping season. This was due to the rise in online retail fraud as consumers turned to online shopping following the pandemic.

Strong enterprise security requires multiple layers to confirm that customer data is safe across all channels, including mobile devices. Invest in more than just meeting the basic standards. In the event of an attack, it is important for retailers to be transparent with customers about how the attack happened and the planned strategic measures to mitigate future risk.

Communicate cybersecurity measures to customers  

Retailers should communicate regularly with customers and educate them on cybersecurity risks as well as steps they can take to protect themselves. Businesses should also communicate security updates to customers to further build trust and provide transparency into their processes.

Educating customers on the importance of picking strong, unique passwords cuts down on risk too. According to the 2019 Verizon Data Breach Investigations Report, 29% of all breaches involved the use of stolen credentials. Therefore, businesses should emphasize the importance of using unique passwords.

Forgivability will be earned once customers understand that security is always a company's top priority and that it is constantly working to improve security measures to protect their personal information. Although cyber attacks will continue to happen, it is often the response to an incident that people will remember long-term.

As online shopping continues to grow and evolve, it presents additional business opportunities for retailers but also leaves them vulnerable to increased cyber security risks. Establishing trust and building forgivability with customers can help reduce the financial and reputational impact of a cyber attack, if – and more likely when – this worst case scenario occurs.


Jim Herbert is GM and VP of BigCommerce EMEA. He is an ecommerce veteran of 22 years, and technology has always been his passion. Since studying Computer Science at university back in the early ’90s, he has taken on a variety of roles within the industry, as well as running his own eCommerce agency until 2015.