Cyber criminals – only one click away

security-lock, padlock, cyber securityIn 2015, cyber attacks and data breaches don’t look like they’re going to slow down. Whether this is attributable to political motivations, disgruntled staff or criminals, the reality is that breach of a company’s data is now a real and considerable risk. Irrespective of whether a retailer is bricks and mortar, solely online or increasingly a combination of both, they’re exposed to cyber breaches with sensitive data, personal records and financial information being stolen.

We’re continually reading of cyber hacking’s impact on retailers globally. Although retailers have tried to harden their defences, cybercriminals are almost always one step ahead. High profile cyber-attacks on companies including Kmart, Pizza Hut, Target, Home Depot, KFC and eBay highlight that even those organisations with considerable IT security resources face the possibility of confidential data being compromised.

It’s a misconception, however, to consider that only larger organisations are at risk of cyber attacks. SME’s are considered an ‘easy’ target with less sophisticated cyber security measures and protections. It’s also a misconception to think these risks are limited to online retailers only. Any retailer that holds data that can be used by criminals to extort or is confidential to a retailer’s operation is a potential target. Retailers can suffer POS malware attacks, DOS (Denial of Service) extortion threats, data access via accidental loss of technological devices like laptops and mobiles – all of which can have devastating effects.

Data security breaches can have serious implications on a retailer’s bottom line with affected companies suffering lost productivity, lost revenue, notification costs to customers, PR costs, significant recovery costs and penalties, irreversible damage to the corporate brand and customer trust as well as exposure to third party legal claims.

Retailers can’t avoid the use and collection of data as well as a reliance on technology and therefore the risks of data loss and technology breaches must be managed. Preventative measures and post-loss actions are necessary tools to prevent and/or minimise loss. Retailers must consider robust IT security policies and procedures that include training employees, encrypting sensitive data, ensuring third-party service providers who have access to sensitive data have policies and procedures in place and enforce them, an effective strategy for IT asset disposition, anti-virus protections and data back-ups.

Irrespective of the resources dedicated to data security by retailers, the risk of hacking remains real and if this event should occur, retailers need to consider cyber insurance to protect against the resulting financial loss. ARA Insurance Services has developed an insurance solution to protect businesses from these costs if the criminals do get through. The policy provides broad protection for privacy breaches including civil penalties and compensatory awards by regulators and legal actions by third parties, loss of revenue while the business is interrupted, cyber extortion costs, hacker damage costs to restore data, programs and networks as a result of a hack and breach costs including forensic investigations, notification costs, credit monitoring services, call centre costs and PR costs. ARA Insurance Services can also assist you to review your existing prevention and security measures and refer you to specialised cyber professionals where we identify a need for data protection improvement.

For additional information please contact ARA Insurance services on 1300 1660 423



Retail Voice CEO Message: 14 February 2024

Happy Valentine’s Day to our retail community – we hope it’s been successful trading. February is always an agenda-setting month and to help with our community successfully navigate the year

Closing Loopholes passes both houses of parliament

A message from ARA CEO Paul Zahra about Closing Loopholes After six months of debate and negotiations, the government’s Closing Loopholes legislation passed the Senate last week and the House

Employee’s right to disconnect from work

Advances in technology and dependence on our smartphones mean people are generally available 24/7. However, employees will soon be able to legally refuse contact or attempted contact from their employer