From an increased number of extortion demands to several major breaches hitting the headlines, the last few years have seen an unprecedented level of cyber attacks within the retail sector. Further, as retailers become increasingly reliant on elastic technology platforms to manage all processes from transaction to re-shelving, they are becoming exponentially exposed to these threats and the potential for system failures.
In such a highly competitive industry, aside from managing the cost of resolving a cyber event, the reputational implications of such a breach could cause substantial harm to the business.
Malicious Cyber Events are often the hardest to predict and can cause the most reputational harm. Intended to disrupt operations and cause financial loss, these events can materialise in a number of ways:
- Data or system degradation
- Cyber extortion
- Privacy breaches or network security events
E-Cyber is designed to protect against these malicious cyber attacks, providing comprehensive coverage for crisis management in identifying and resolving the cause of the cyber or extortion event, as well as offering financial protection for any fallout, such as:
- the increased cost of working or direct loss of net income due to the covered event; or
- any defence costs and any subsequent damages or fines which may be incurred as a result of the event.
Data manipulation, ransom, and breaches are a major concern for the retail sector given the high volume of credit card transactions. This data is shared across an extensive employee network.
Whether the data is corrupted, exposed, or held to ransom, E-Cyber is designed with an understanding of the retail industry's exposure. The policy is designed to cover the cost to the company of managing a data breach or a ransom event, as well as data restoration following a cyber event. The policy further extends to consider the legal and regulatory implications of data breaches.
Much like data management, maintaining network integrity presents a serious challenge, as inadvertent System Failures can be just as disruptive as malicious cyber attacks. Whether the failure is caused by negligence or mistake in managing the company’s system, a programming error, or a malfunction or failure of the company’s system, any outage will cause financial loss.
Many of these system exposures are intended to be covered within the E-Cyber policy, as the triggers for the business interruption and liability sections extend beyond malicious acts to the practicalities of managing a centralised network. As a result, we handle many of these system interruptions as if they were malicious and would look to provide coverage for event management to identify and resolve the system failure, the increased cost of working or direct loss of net income due to the covered event, or any defence costs and any subsequent damages or fines which may be incurred as a result of the event.
January 2016 – A retail firm was hit by a denial of service attack which led to full system failure of customers' online accounts and digital services. Although customer transactions were not affected, services were not available, causing disruption and reputational damage – 275,000 customer payments were delayed.
December 2015 – A wine merchant's computer systems were locked down by malicious malware until a ransom was paid. The merchant's employees could no longer open email, look up inventory or process sales, a big problem during the busy holiday season. The merchant sustained costs in employing a software and IT company to help reinstall the systems following the attack.
April 2015 – A company specialising in skincare products admitted to being the target of 4 separate Ransomware attacks in a 6 month period.
May 2014 – The largest online auction site was a victim of a hacking attack resulting in 233 million customers' personal data being compromised. The hack put customers at risk of identity theft and phishing attacks from malicious 3rd parties.
August 2015 – A large retailer announced 56 million payment cards had been compromised in an attack that ran from April through to September and affected stores in the United States and Canada. Company officials said hackers used custom-built software that had not been seen in previous attacks. They estimated the cost of the breach at $62 million, which included expenses related to credit monitoring and additional staffing at call centers.
November 2014 – Criminals infiltrated a large car retailer's local wireless system and were able to intercept customers' information. They then used the open access point to break into the company’s central database where they gained access to millions of credit card numbers and personal data. The resulting costs were estimated at over £100m.
March 2014 – As many as 110 million customers' details were compromised during Black Friday weekend. The information stolen included customer names and addresses and credit or debit card numbers. The breach resulted in a decline of 2% to 6% for the Annual quarterly Gross sales. A financial statement revealed the data breach cost the retailer $252 million.
December 2015 – A UK Fashion retailer took an £8.8m hit on its profit following a warehouse system error. The system failure was due to an IT glitch causing it to send out all clothing products in the size Small and XL only, causing major issues within the distribution.
April 2015 – A major coffee house suffered a system outage which resulted in a number of their shops being unable to process sales. The employees were giving away free coffee before the company decided to close the stores early whilst the problem was resolved. The outage was caused by an internal error. The company was unable to reopen until the problem was resolved, resulting in extensive financial loss to the company.
A system failure by human error, programming error or computer malfunction can cause disruption to customers and extensive financial losses to the company. Any downtime can erode a company’s competitive edge, affecting their reputation and losing sales. Getting systems back online can be costly.