Today’s digital technologies allow retail businesses to create in-store management efficiencies, and to connect online with customers around the globe. But those same technologies can make retailers vulnerable to cyber risks — risks that can fatally damage the overall health of your brand and business.
While in-store computer systems and consumer-facing websites are a boon for retailers and their customers, the data they collect and maintain — credit card numbers, personal addresses, and other types of sensitive information — makes them a target for cyber crime. With this ever-more sophisticated and increasing cyber risk, come obligations —to your customers’ privacy and to keep up with a multitude of global and local regulations governing those obligations.
Despite the best intentions of a retail entity, cyber breaches can happen. Here’s a primer on cyber crime — and some tips on how retailers can mitigate that risk.
To cybercriminals, data is profit. Hackers use vulnerabilities to gain access to a system, using methods and software that are ever changing and ever more sophisticated. Here are a few terms that retailers should know:
What all of these have in common is that they disrupt business and can cost retailers hundreds of thousands of dollars in lost revenues, legal expenses, fines, and reparation costs. Reparations usually necessitate not only technical and financial experts, but also public relations professionals, because of the potential damage to customer trust and brand loyalty. In all, the resourcing and the expense can be enough to seriously cripple or even shut down a retail business.
For more key cyber security terms, check out Cyber Security Terms You Need To Know.
Of course, the best defense against cybercrime is to be on the offense. Here are some tips to protect against this ever more present and growing threat:
Diligently manage your data
Create a data map and a data retention policy that allow employees to understand what data your organization collects and maintains, how long it should be kept, etc. This is crucial information for risk assessment and, in the event of a breach, a critical part of a cyber response plan.
Secure your network
You have an obligation to take defensive measures to protect your retail systems and your customers’ personal and financial information. Data security measures include: installing two-factor authentication for employees and customers; using chip-enabled card technology; and employing end-to-end encryption.
Understand the regulatory landscapes
A retailer’s regulatory burden can be complex and varies greatly depending on the products, the physical locations of the business, and where its customers are located. Globally, the regulations are changing as quickly as the cyber threats. Understanding the specific laws and regulations to which your operation is subject is critical to ensuring compliance and avoiding sanctions or fines.
Choose your vendor partners carefully
Outsourcing part of your operation may not outsource your liability. If your vendors are exposed, you may be exposed and ultimately liable for any loss, so it is important to choose partners who demonstrate strong cyber vigilance and who invest in a comprehensive cyber insurance policy.
Educate your employees
The majority of retail cyber breaches originate internally. Poor employee cyber hygiene — like repeating passwords, email laxity, and failure to use a secure internet — is a proven cause. Written and enforced cyber security policies and regular staff training can greatly lower this risk.
Have a cyber response plan and team in place
When the worst happens, knowing what and who your resources are can mean the difference between quick and efficient response time, and excessive business days and profits lost. The response team may be both internal and external — I.T. staff, risk manager, cyber response consultant, forensic accountant, insurer, crisis P.R. team, etc.
Invest in cyber insurance with an expert partner
A global insurance company with both retail and cyber expertise can help assess and manage your risk, customize a policy aligned with your business, understand local regulations, provide resources to train your employees, connect you to cyber response and reparation professionals — and, of course, mitigate any business losses or expenses.
Learn more about Chubb’s cyber capabilities and resources.
This document is advisory in nature and is offered as a resource to be used together with your professional insurance advisors in maintaining a loss prevention program. It is an overview only, and is not intended as a substitute for consultation with your insurance broker, or for legal, engineering or other professional advice.
Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit our website at www.chubb.com. Insurance provided by ACE American Insurance Company and its U.S. based Chubb underwriting company affiliates. All products may not be available in all states. This communication contains product summaries only. Coverage is subject to the language of the policies as actually issued. Surplus lines insurance sold only through licensed surplus lines producers. Chubb, 202 Hall's Mill Road, Whitehouse Station, NJ 08889-1600.
We can help with that.