In 2015, cyber attacks and data breaches don’t look like they’re going to slow down. Whether this is attributable to political motivations, disgruntled staff or criminals, the reality is that breach of a company’s data is now a real and considerable risk. Irrespective of whether a retailer is bricks and mortar, solely online or increasingly a combination of both, they’re exposed to cyber breaches with sensitive data, personal records and financial information being stolen.
We’re continually reading of cyber hacking’s impact on retailers globally. Although retailers have tried to harden their defences, cybercriminals are almost always one step ahead. High-profile cyber attacks on companies including Kmart, Pizza Hut, Target, Home Depot, KFC and eBay highlight that even those organisations with considerable IT security resources face the possibility of confidential data being compromised.
It’s a misconception, however, to consider that only larger organisations are at risk of cyber attacks. SMEs are considered an ‘easy’ target with less sophisticated cyber security measures and protections. It’s also a misconception to think these risks are limited to online retailers only. Any retailer that holds data that criminals can use for extortion, or that is confidential to the retailer’s operation, is a potential target. Retailers can suffer POS malware attacks, DoS (Denial of Service) extortion threats and data access via accidental loss of technological devices like laptops and mobiles, all of which can have devastating effects.
Data security breaches can have serious implications for a retailer’s bottom line, with affected companies suffering lost productivity, lost revenue, notification costs to customers, PR costs, significant recovery costs and penalties, irreversible damage to the corporate brand and customer trust, as well as exposure to third party legal claims.
Retailers can’t avoid the use and collection of data or a reliance on technology, and therefore the risks of data loss and technology breaches must be managed. Preventative measures and post-loss actions are necessary tools to prevent and/or minimise loss. Retailers must consider robust IT security policies and procedures that include training employees, encrypting sensitive data, ensuring that third-party service providers with access to sensitive data have policies and procedures in place and enforce them, an effective strategy for IT asset disposition, anti-virus protections and data back-ups.
Irrespective of the resources dedicated to data security by retailers, the risk of hacking remains real, and retailers need to consider cyber insurance to protect against the resulting financial loss if this event should occur. ARA Insurance Services has developed an insurance solution to protect businesses from these costs if the criminals do get through. The policy provides broad protection for privacy breaches, including civil penalties and compensatory awards by regulators and legal actions by third parties; loss of revenue while the business is interrupted; cyber extortion costs; hacker damage costs to restore data, programs and networks as a result of a hack; and breach costs including forensic investigations, notification costs, credit monitoring services, call centre costs and PR costs. ARA Insurance Services can also assist you to review your existing prevention and security measures and refer you to specialised cyber professionals where we identify a need for data protection improvement.
For additional information please contact ARA Insurance Services on 1300 1660 423.