Once again cybersecurity issues affecting online retailers are back in the spotlight. US tech online retailer Newegg, which sells into Australia, reported last month that credit card data it collected had been compromised.
This breach follows similar attacks against online sites operated by British Airways and Ticketmaster. These attacks are being attributed to a team of cybercriminals known as Magecart, which injected malicious JavaScript code into these websites to skim credit card data.
It’s still anybody’s guess just how widespread these types of attacks have become. But a 2018 retail cybersecurity report from SecurityScorecard found that over 90 percent of the retail domains analysed indicated non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) standard. The report also notes that retail ranks second to last among all the vertical industries tracked in terms of application security.
Data is the lifeblood of your business — but it can also be your Achilles’ heel. Loss or theft of your customers’ data can do irreparable harm to your reputation and put regulatory compliance at risk. In addition, loss of customer data, inventory management data, payroll, accounting, etc., can lead to operational disruptions that you simply can’t afford.
The fact that cybersecurity is a major concern for online retailers is, of course, hardly novel. Business leaders across the sector are clearly weighing risks versus potential rewards. Given the general low cybersecurity ratings across the sector, many retail business executives have apparently concluded that any potential harm experienced by their customers is well worth the revenues to be gained.
What precisely goes into that decision will vary by company. But a report published last month by SiteLock indicates that websites experience 58 attacks per day on average, or roughly every 25 minutes. It also found the average number of attacks experienced by websites per day increased by 16 percent quarter over quarter. Those attacks are becoming more sophisticated and harder to detect.
Keeping the faith
The calculus that retail executives employ to measure cybersecurity risks might soon be changing. The level of personal risk associated with cybersecurity breaches is starting to rise. It remains to be seen how business executives being held more accountable might impact cybersecurity among online retailers.
But while more accountability is a generally a good thing, waves of recrimination are generally counterproductive. It should now be clear to almost everyone in the online retailing sector that something is very broken. The real issue is how will online retailers and the IT community come together to solve a problem that jeopardises billions of dollars in transactions.
Unfortunately, time is running out to have that conversation. Once customers lose faith in online retailing it will be extraordinarily hard to restore it. They may love the convenience online retailers provide, but many are already limiting their transactions to a narrower group of online retailers that they instinctively feel have the resources to do whatever it takes to secure their transactions.
Ultimately, that’s not an outcome that’s good for business.
View cybersecurity in a different light
Instead, you need to view cybersecurity as a critical business driver and a source of competitive advantage, rather than simply focus on what happens to your business if you get attacked. Customer satisfaction and spending can be drastically improved by focusing on cybersecurity and data protection assurance.
Cybersecurity and data privacy outranked attributes such as discounts when consumers choose a retailer, according to a recent Cap Gemini study. It suggests that retailers could increase annual revenue by five percent by investing in cybersecurity measures that makes shoppers trust them more. It also revealed that strong cybersecurity measures increase customer satisfaction by 13 percent, with 40 percent of consumers willing to spend at least 20 percent more with retailers they trust.
What’s surprising is that very few retailers in Australia are leveraging this opportunity to gain competitive advantage. It’s certainly in your best interests as an online retailer to put more focus on strengthening your cybersecurity and data privacy capabilities to drive customer satisfaction … and turn cybersecurity from foe to friend.
Andrew Huntley is the regional director for ANZ and the Pacific Islands for Barracuda Networks.