Sergey Nivens - Fotolia

Retail industry steps up the fight against rising cyber threats

UK retail body BRC publishes the first of its kind step-by-step guide on how to manage cyber security threats

The British Retail Consortium (BRC) has published guidelines to help retailers of all sizes to manage cyber security threats and protect their customers.

The BRC Cyber Security Toolkit aims to provide retailers with practical guidance to ensure they have the appropriate preventative and response measures in place.

The online market has seen annual sales growth of 10% to 15% in recent years, but at the same time there has been an increase in cyber attacks against retailers and shoppers.

The BRC said the publication of the toolkit is aimed at helping retailers to keep pace with the evolving risks associated with operating online and to ensure customers’ personal data is protected.

The guidelines were developed by the BRC’s Fraud and Cyber Security Member Group with input from formal and informal consultation.

Recommendation in the guidelines include establishing cyber security as a board level issue, retail-specific information-sharing, completing a cyber security risk assessment, and creating an incident response plan.

The toolkit also provides a guide to preparing, responding, recovering and reviewing attacks.

While a quarter of consumer spending is online, the BRC 2016 Retail crime survey shows 53% of reported fraud in the retail industry is cyber-enabled, representing a total direct cost of around £100m.

Industry and government welcomes toolkit

Home office minister Sarah Newton said crime is changing and therefore the way everyone works to tackle it also needs to change.

“We are already taking world-leading action to stamp out cyber crime and fraud, including investing £1.9bn in cyber security over five years. But, as we have said, the government cannot do this alone.

“Businesses have a responsibility to take steps to protect themselves and their customers, which is why we are delighted that the BRC has introduced their cyber security toolkit to help retailers to do so,”  she said.

Hugo Rosemont, policy adviser on crime and security at BRC, said the UK is one of the leading e-commerce markets in the world.

“The BRC Cyber Security Toolkit is designed to equip British retailers with the know-how, guidance and practical support that will help the industry stay ahead of the ever evolving threats posed by cyber-related criminality.

“All parts of the retail industry have a large and growing stake in keeping customers safe and secure, and the industry is committed to ensuring the strongest possible measures are in place – all the way through from prevention to incident response,” he said.

Ian Levy, technical director at the National Cyber Security Centre (NCSC), said the retail sector is vital to the UK’s economic well-being and both the sector and its supply chain are increasingly reliant on online safety and security.

“The NCSC is delighted to be working with the BRC in finding innovative ways to make the UK a safe place for citizens, e-commerce, small businesses and large chains to do retail business online.

“We are committed to giving individuals and businesses of all sizes confidence to deliver success in our increasingly digitalised economy, and were pleased to support the development of this toolkit,” he said.

Read more about GDPR

  • Businesses dealing with EU citizens’ data urged to ensure they are on track to comply with the GDPR in less than 16 months, as the world marks Data Protection Day 2017.
  • The Information Commissioner’s Office (ICO) has set out its plans for publishing guidance on the EU GDPR.
  • The Information Commissioner’s Office is to publish a revised timeline for the UK implementing the EU’s GDPR after Brexit.
  • Business demand for consumer identity management capability is growing to enable new business models and improve customer engagement.

The official launch of the toolkit comes a day after UK information commissioner Elizabeth Denham called on UK businesses to adopt a deeper and broader focus on data protection.

The EU General Data Protection Regulation (GDPR), which becomes enforceable by law in May 2018, will require organisations to make personal privacy rights of consumers a top priority, she said.

While the GDPR gives specific new obligations for organisations, for example around reporting data breaches and transferring data across borders, Denham emphasised that the real change for organisations will be understanding the new rights for consumers.

“I want to see comprehensive data programs as the norm, organisations better protecting the data of citizens and consumers, and a change of culture that makes broader and deeper data protection accountability a focus for organisations across the UK,” she said.

Read more on Privacy and data protection

Data Center
Data Management