Retail

2018-07-18

From an increased number of extortion demands to several major breaches hitting the headlines, the last few years have seen an unprecedented level of cyber attacks within the retail sector. Further, as retailers become increasingly reliant on elastic technology platforms to manage all processes from transaction to re-shelving, they are becoming exponentially exposed to these threats and the potential for system failures.

In such a highly competitive industry, aside from managing the cost of resolving a cyber event, the reputational implications of such a breach could cause substantial harm to the business.

  • Compliance with regulations such as PCI DSS is required, due to the amount of credit card payments processed
  • In an industry as competitive as retail, disruption, downtime or system failure due to a cyber event can cause serious financial harm to a company
  • The inability to take payments can have serious reputational implications and cause financial harm
  • Retailers are in the public eye, making them a prime target for widespread attacks
  • Retailers manage huge volumes of Personally Identifiable Information from credit cards, emails and personal contact details
  • Seasonal peaks in trading may result in a larger impact to loss of earnings at certain times, in the event of system downtime
  • Operating across multiple jurisdictions creates data privacy challenges at the local level
  • Retailers carry out more and more business online and worldwide. Websites must be accessible 24/7 to ensure customers can purchase goods and products
  • Within the retail industry, POS systems drive inventory, with supplies being re-stocked automatically. Any outages to these systems can directly affect stock on shelves.
  • With such extensive employee networks and high turnover, it is difficult to manage human error, limit data breaches and ensure network integrity
  • Retailers handle large volumes of credit cards

Malicious Cyber Events are often the hardest to predict and can cause the most reputational harm. With the intent of disruption to operations resulting in financial loss, these events can materialise in a number of ways:

  • Data or system degradation
  • Cyber extortion
  • Privacy breaches or network security events

E-Cyber is designed to protect against these malicious cyber attacks, providing comprehensive coverage for crisis management in identifying and resolving the cause of the cyber or extortion event, as well as offering financial protection for any fallout, such as:

  • the increased cost of working or direct loss of net income due to the covered event; or
  • any defence costs and any subsequent damages or fines which may be incurred as a result of the event.

Data manipulation, ransom, and breaches are a major concern for the retail sector given the high volume of credit card transactions. This data is shared across an extensive employee network.

Whether the data is corrupted, exposed, or held to ransom, E-Cyber is designed with an understanding of the exposure of the retail industry. The policy is designed to cover the cost to the company of managing through a data breach or a ransom event, as well as data restoration in the event of a cyber event. The policy further extends to consider the legal and regulatory implications of data breaches.


Much like data management, maintaining network integrity presents a serious challenge, as inadvertent System Failures can be just as disruptive as malicious cyber attacks. Whether the failure is caused by negligence or mistake in managing the company’s system, a programming error, or a malfunction or failure of the company’s system, any outage will cause financial loss.

Many of these system exposures are intended to be covered within the E-Cyber policy, as the triggers for business interruption and the liability sections extend beyond malicious acts to the practicalities of managing a centralised network. As a result, we handle many of these system interruptions as if they were malicious and would look to provide coverage for event management to identify and resolve the system failure, the increased cost of working or direct loss of net income due to the covered event, or any defence costs and any subsequent damages or fines which may be incurred as a result of the event.

CASE STUDIES

January 2016 – A retail firm was hit by a denial of service attack which led to full system failure of customers' online accounts and digital services. Although customer transactions were not affected, services were not available, causing disruption and reputational damage – 275,000 customer payments were delayed.

December 2015 – A wine merchant's computer systems were locked down by malware until a ransom was paid. The merchant's employees could no longer open email, look up inventory or process sales, a big problem during the busy holiday season. The merchant sustained costs in employing a software and IT company to help reinstall the systems following the attack.

April 2015 – A company specialising in skincare products admitted to being the target of 4 separate ransomware attacks in a 6-month period.

May 2014 – The largest online auction site was a victim of a hacking attack resulting in 233 million customers' personal data being compromised. The hack put customers at risk of identity theft and phishing attacks from malicious 3rd parties.

August 2015 – A large retailer announced 56 million payment cards had been compromised in an attack that ran from April through to September and affected stores in the United States and Canada. Company officials said hackers used custom-built software that had not been seen in previous attacks. They estimated the cost of the breach at $62 million, which included expenses related to credit monitoring and additional staffing at call centers.

November 2014 – Criminals infiltrated a large car retailer's local wireless system and were able to intercept customers' information. They then used the open access point to break into the company’s central database, where they gained access to millions of credit card numbers and personal data. The resulting costs were estimated at over £100m.

March 2014 – As many as 110 million customers' details were compromised during Black Friday weekend. The information stolen included customer names and addresses and credit or debit card numbers. The breach resulted in a decline of 2% to 6% in the annual quarterly gross sales. A financial statement revealed the data breach cost the retailer $252 million.

December 2015 – A UK fashion retailer took an £8.8m hit on its profit following a warehouse system error. The system failure was due to an IT glitch causing it to send out all clothing products in sizes Small and XL only, causing major issues within distribution.

April 2015 – A major coffee house suffered a system outage which resulted in a number of their shops being unable to process sales. The employees were giving away free coffee before the company decided to close the stores early whilst the problem was resolved. The outage was caused by an internal error. The company were unable to reopen until the problem was resolved, resulting in extensive financial loss to the company.

A system failure by human error, programming error or computer malfunction can cause disruption to customers and extensive financial losses to the company. Any downtime can erode a company’s competitive edge, affecting their reputation and losing sales. Getting systems back online can be costly.