Recent months have seen a significant surge in cyberattacks targeting well-known retailers, including Marks & Spencer, Harrods, and Victoria’s Secret. This alarming trend has prompted industry experts to advocate for heightened investments in cybersecurity and digital resilience among retail brands. The vast online presence of these companies, coupled with the extensive volumes of transactions that involve sensitive customer data, makes them prime targets for cyber adversaries.
High-end retailers are particularly susceptible, with brands like Adidas, Cartier, Co-Op, Dior, and The North Face also falling victim to recent attacks. The risks faced by these retailers extend beyond immediate operational disruptions, as evidenced by incidents where Marks & Spencer and Victoria’s Secret temporarily suspended their websites in response to security breaches. A notable case is United Natural Foods, North America’s largest publicly-held wholesale food distributor, which reported that a cyberattack discovered in June led to three weeks of system downtime, resulting in a staggering loss of approximately $350 million to $400 million in sales.
Retailers May Downplay Security Breaches Out of Caution
Other significant risks posed by data breaches include potential stock price declines and regulatory fines. Furthermore, findings suggest that companies often underreport incidents to mitigate negative publicity, ultimately jeopardizing customer trust. A recent survey by Vercara highlighted that two-thirds of consumers would lose confidence in a brand following a data breach, illustrating the profound impact of cybersecurity incidents on reputation and consumer relationships.
According to James Maude, field CTO at BeyondTrust, the push for seamless online shopping experiences inadvertently creates vulnerabilities that cybercriminals can exploit. Maude indicated that retailers often prioritize ease of purchase over security, stating, “The retail sector can find themselves caught in trade-offs where their focus is on making it as easy as possible to buy an item, not making it as secure as possible.” This challenge is evident, for instance, in the implementation of multi-factor authentication (MFA), which may deter customers from making impulse purchases. Maude also pointed out that loyalty programs and rewards points have become frequent targets for attackers employing credential stuffing techniques, leveraging existing breaches to exploit customer accounts and redeem benefits for untraceable goods.
Industry experts are increasingly promoting the adoption of zero-trust architecture, which emphasizes continuous verification of user identities and device integrity. This strategic approach effectively reduces the risk of unauthorized access, particularly given that recent breaches have targeted third-party relationships within supply chains, exposing weaker links in security protocols.
Majority of Breaches Tied to Human Error, But Cybersecurity Will Become Even More of a Necessity for Retailers Moving Forward
Research from VikingCloud indicates that 95% of data breaches are attributed to human error, often stemming from inadequate cybersecurity training. The high turnover rates in retail further complicate this issue, as many employees may lack sufficient awareness of internal cybersecurity policies. Dave McGrail, head of business consultancy at Xalient, and Chris Woods, founder and CEO at CyberQ Group, emphasize the need for investing in proactive incident response and recovery plans, alongside AI-driven threat intelligence. They warn that the risk landscape for retailers will intensify, with increasing ransomware attacks and new technology security challenges, particularly within the supply chain.
Collaboration among industry players and law enforcement is becoming increasingly essential. Co-op’s recent partnership with The Hacking Games aims to engage teenagers in cybersecurity careers, steering them away from potential criminal activities in the cyber domain. With data suggesting that 69% of European teenagers have engaged in some form of cybercrime, educational initiatives could play a vital role in nurturing a future workforce focused on cybersecurity innovation and safeguarding.