Data breaches are increasing at an alarming rate, and U.K. retailers are a prime cause of data breaches and leaks.
Statistics show that in 2014/15, U.K. retailers reported 17 data breaches. The next year, it increased to 19. However, 2016/17 has seen a sudden spike of 38 reported data breaches, with no signs of slowing down.
These data breaches aren’t just malicious hackers attacking databases, but also include employees accidentally leaking or losing information.
The drive for data collection
Unless real action is taken, these data breaches may continue on an upward curve. It’s common knowledge that retailers are obtaining more and more information on their consumers to help boost sales.
For example, when you swipe your Tesco Clubcard, your purchases are registered so that trends in your shopping habits can be collected. ‘Big Data’ initiatives bring us closer to an autonomous world where computers store a wealth of information on recognised individuals so they can work out what we want to buy before we even know it ourselves. Starting from what a shopper has previously purchased, how much they spend, and their likes and dislikes, it’s easy enough for computers to produce lists of recommendations.
Another example is platforms like Amazon. You’ve probably seen links to other products under tag-lines similar to: “you might also like this”.
The consumer world is constantly trying to better our shopping experience through online shopping platforms, membership discounts, personalised marketing and electronic data collection when shopping in store, all of which constantly gather valuable information: valuable to retailers, and to hackers.
Are retailers doing enough to protect our data?
Retailers are enjoying the benefits of gathering an abundance of information, but are they neglecting the responsibilities that come with it?
Cybersecurity is absolutely paramount for any company that has an online presence. Unfortunately, many retailers may not see cybersecurity as a priority.
Regulators are recognising some lack of action and have strengthened data protection enforcement and sanctions to enforce better cybersecurity. At the moment, the Information Commissioner’s Office (ICO) has the power to issue a £500,000 fine to entities that breach data protection laws. The General Data Protection Regulation (GDPR) introduced by the EU will give authorities the power to fine up to 4% of the breaching company’s global annual turnover, or €20 million (whichever is the higher). The GDPR will be enforceable as of 25th May 2018.
Retailers need to step up
David Kennerley, director of cybersecurity firm Webroot, believes retailers need to ensure they do enough to keep customers safe online when using their website, but also that their own internal databases are protected against unauthorised access externally and internally.
“Retailers need to keep PoS (Point of Sale) software up to date and deploy threat protection and detection on these devices, while not forgetting the importance of the physical security of PoS systems. Where possible, two-factor authentication should be used internally and by their customers. Online transactions should always require that the CVV number is entered by the customer for every transaction”, says Kennerley.