The Retail Cyber Risk Landscape
Written by Marsh Pty Ltd
The retail industry is undergoing a significant transformation, as technological innovation drives change and alters the way retailers manage their operations and interact with customers. In addition to these, COVID-19 has significantly changed how retailers operate and interact with their customer base.
Omni-channel retailing – bricks and mortar stores, online sales and marketing channels, and mobile applications – is increasingly being adopted to optimise customer experience, allowing companies to remain competitive and relevant. This creates new points of exposure to access and impair critical systems, networks and compromises sensitive data. This also leads to a significant increase in the volume of payment transactions being processed and customer data being collected and stored.
The top incident breach for retailers in 2018 focussed on data theft1. Today, cyber-attacks have moved beyond data breaches to sophisticated schemes designed to cause significant disruption to businesses and supply chains. Ransomware attacks have also grown significantly, seeking to exploit vulnerabilities created by a large-scale move to hybrid working environments and greater use of online resources.
Why is this important?
A few case studies evidence the severe impact a cyber-attack can have on a retail business:
- One of the largest outdoor clothing and equipment retailers in Australia and New Zealand reported that an unidentified third party had gained unauthorised access to its website and may have captured customer personal information and payment details during the period 8 January 2019 and 12 February 20192.
- Hackers gained access to the personal information of at least 460,000 users of one of Asia’s largest retailers. Purchase history and parts of credit card numbers may have been accessed2.
- Credit and debit card information for more than 45 million customers of a major retailer were infiltrated and used to make fraudulent purchases. The retailer estimated its expenses – including litigation and computer system updates – at more than USD250 million2.
- The 2017 NotPetya malware attack significantly disrupted businesses around the world, including retailers. Estimated economic losses exceed $3 billion2.
This report from ARA Insurance partner, Marsh, provides insights into the cyber exposures facing retailers and information on the cyber insurance options available. Cyber insurance can help provide critical protection for direct loss and liability arising out of the operational use of technology and data, assisting retail companies in mitigating their exposure to cyber risk and successfully recover from a cyber-incident.
Looking for insurance and risk management solutions tailored to retail?
ARA Insurance is a unique insurance program for members harnessing the industry experience of the ARA and the risk management expertise of global leading insurance broker, Marsh.
As a member benefit, ARA Insurance members can receive a free 30 minute insurance risk consultation with Marsh. Premium members also receive a complete risk analysis report.
To access this benefit, or for further information, please complete this form and an ARA Insurance representative will contact you to schedule your consultation.
This article contains general information and does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. Any advice is general in nature only and is provided by Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369) (‘Marsh’). Marsh arrange this insurance and are not the insurer. For full details of the terms, conditions and limitations of any covers and before making any decision about a product, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request. The Australian Retailers Association (ARA) receives a financial benefit when an insurance policy is arranged by Marsh for ARA members. © 2021 Marsh Advantage Insurance Pty Ltd. All rights reserved. LCPA No. 21/308.
2 Marsh Cyber Risk and Insurance Solutions for the Retail Industry, August 2019