The growing need for cyber insurance in the retail industry

Cyber insurance

In recent years, cyber attacks on businesses have become commonplace. Initially, criminal gangs focused their attention on banks and financial institutions, since these were perceived as yielding the biggest rewards. However, as the banking sector woke up to this threat and tightened its defences, cyber gangs were forced to look elsewhere for easy pickings, and the sector they seem to have chosen is retail. With approximately 87% of UK consumers having bought at least one product online in the last 12 months, retailers of all sizes need to urgently educate themselves on the threats posed by cybercrime, and look at how cyber insurance can help protect their businesses if they are the victims of an attack.

How cybercrime has developed

With each new attack, cybercrime evolves to become a little more sophisticated, making the challenge of defending a retail business ever harder. From DDoS attacks to ransomware and data breaches, there are multiple threats involved, and very often the victim doesn’t even know that they have been targeted until it is too late.

Research carried out by the British Chamber of Commerce suggests that 20% of British businesses experienced a cyber attack last year. However, it’s likely that this figure does not accurately reflect the real picture, as firms are either unaware that they have been the victims of an attack, or they choose not to report it. Whilst there have been some very high-profile retail breaches in recent years, many retailers would prefer to keep quiet if they are hit, fearing negative publicity and loss of sales.

Not facing up to the threat of cyber attack is a very dangerous position for retailers to take, as cyber threats are constantly evolving and becoming much more sophisticated. For example, global internet security firm Symantec reported that there were 77.5 million new malware variants identified in March 2017, representing an increase of more than 500% compared with April of the previous year.

The media has made much of the story around antibiotic resistance in recent months, with diseases mutating to become immune to the drugs used to combat them. In fact, this is exactly the same kind of problem faced by retailers and other businesses when trying to defend against cybercrime. Attacks are mutating and evolving faster than firms can build defences against them. All businesses, but particularly those in the retail sector, need to channel appropriate levels of resources into their fight against cybercrime, or risk being attacked, with potentially catastrophic consequences.

Cyber insurance explained

Many firms have yet to realise that they need cyber insurance, and fail to fully understand this type of cover. Both businesses and the insurance sector are still divided on whether cybercrime should be covered under existing insurance policies or whether it should be treated separately, with its own tailored insurance cover. One firm that came unstuck on this issue is Sony, after the PlayStation Network was hacked back in 2011. That attack compromised around 77 million customer accounts and cost Sony roughly $170 million. Rather astonishingly for a multinational company of that size, Sony claimed that it was under the impression that cyber attacks were covered by its existing insurance. However, the firm eventually lost a legal battle with its insurers on the issue.

Cyber insurance does nothing to prevent a firm becoming the victim of an online attack, but instead provides cover to help businesses recover quickly and efficiently if their online assets are compromised in any way. This can take the form of disaster recovery resources, business continuity activities and reputation management strategies.

Why retailers need cyber insurance

Every online business, from multinational giants to the smallest of independent boutiques, relies wholly on its digital assets for survival. Even a relatively minor hack could cost a retailer dearly, with estimates suggesting that a single attack could cost firms from £66,000 to £200,000. Whilst cyber insurance can provide a financial payout in the event of an attack, it can also provide valuable, and much needed, technical resources to help repair the damage suffered in the attack, and protect systems going forwards.

The reputational damage done to a retail firm can be even more extensive than the actual attack itself. It’s only natural that shoppers are likely to abandon a retailer, no matter how well-known or loyally supported in the past, if there is even a whiff of suspicion about the security of the site. Gaining back the trust of those shoppers is likely to be an enormous challenge, with a recent KPMG survey of US shoppers finding that a third of respondents would not shop at a retailer for more than three months after a security breach, for fear of their personal details being compromised.

Cybercrime is not going to go away anytime soon and, in fact, is likely to become even more of a threat to our way of life over time. For retailers to survive in this climate, cyber insurance, along with robust security education and cyber defences, should now be seen as compulsory, rather than an optional extra.