Cyber-security cost hits UK high street hard

07 August 2019 Consultancy.uk

With the UK high street currently floundering amid falling consumer power and heightened import prices, the country’s retailers have happily followed the global trend of turning to digitalisation to improve their customer experience and find efficiency savings. However, these opportunities do not come without risks, and new analysis shows that the number of cyber breaches in retail more than doubled in 2018, resulting in disruption, reputational damage and significant financial losses.

In August 2018, health and beauty retailer Superdrug Stores admitted to a security breach that potentially compromised names, addresses, and in some cases, dates of birth and phone numbers of 20,000 customers. The hackers held the data ransom for an undisclosed sum, providing details of 386 customers to prove the validity of their claims, which Superdrug was able to verify.

The company suffered notable reputational damage from the episode, initially failing to apologise to those affected when announcing the breach, while the cancellation of accounts for customers was only available at first via a paid phone line. Amid the fury from consumers, however, companies who are the victims of hacks like this could also be stung financially. Since the EU’s General Data Protection Regulation (GDPR) and GDPR-aligned UK data protection legislation came into effect, organisations are under increased pressure to ensure personal data is kept securely, or else face a range of punitive measures that could seriously affect their bottom line.

Who are Survivors

In the tumultuous British retail scene, the threat of a cyber-attack is emphasised even further, then. While many companies have turned to digital technologies to make customer interactions easier, create additional sales channels and add additional efficiencies on the backend, they open up new short and long term risks. Cybercrime is continuing to increase, as criminals become more sophisticated and diverse, meaning firms who fail to beef up their security efforts are at risk of falling prey to them.

To understand how such events are currently affecting UK retail businesses, BDO has published a report into the cyber-threats facing high street firms as they push deeper into the digital realm. Retail is a key target of financially motivated attackers, largely due to the large number of credit cards used as part of the wider purchase process. Once captured, they can be quickly monetised through illegal markets.

The frequency of breaches in the retail industry has continued to rise. Between 2017 and 2018 the number of breaches multiplied by 2.5 times, with a quarter reporting being breached more than once. In total 957 breaches of UK retail businesses occurred in Q1 2018, representing a 17% increase on Q3 2017. One major issue facing affected consumers is that they find out that their details have been breached months after the fact. In 2018 for instance, it took an average of 196 days for a breach to be detected – by which time a large amount of data and money had already been lost.

Insider threats continue to plague the industry, largely from staff neglect (63% of incidents), while 83% of companies have seen staff incidents where they accidentally exposed customer or business data. Despite this, BDO found that many companies may not have been making security a priority – which has seen upper management and board level oversight increase. However, even with increased oversight, many still lack a coherent strategy or even lack one completely in some instances.

Who are Thrivers

Gregory A. Garrett, Head of International Cybersecurity for BDO, said of the findings, “The retail and consumer products industry is facing increasing number of sophisticated cyber-attacks... Unfortunately, the global retail industry has not made sufficient investments in their cybersecurity policies, plans, procedures, and methods of defence, especially with their respective supply chain partners. As a result, the average cost of a cyber-data breach in the retail industry continues to climb every year and so does the average cost of cyber liability insurance coverage.”

According to the research, two varieties of companies have been able to mitigate cyber-risks, however. So-called ‘Thrivers’ are e-commerce-centric and have adopted technology early, and thus enjoy a competitive advantage on late-comers when understanding and dealing with risks, enabling them to plan ahead for worst-case-scenarios while improving products and convenience levels. While the majority of Thrivers are pure-play e-commerce outfits, the segment also includes specialist traditional retailers.

At the same time, ‘Survivors’ are technology laggards, but adopt a hyper-cautious, risk-averse, approach to technology to compensate for this, while focusing heavily on the single area of customer service to minimise potential distractions from security. Department stores make up the largest portion of Survivors, followed by discount retailers.

Related links

More on: BDO
United Kingdom
Company profile
BDO
BDO is not a United Kingdom partner of Consultancy.org
Partnership information »
Partnership information

Consultancy.org works with three partnership levels: Local, Regional and Global.

BDO is a Local partner of Consultancy.org in Netherlands.

Upgrade or more information? Get in touch with our team for details.

Send
BDO enters strategic partnership with Chartwell Consulting
United Kingdom
BDO enters strategic partnership with Chartwell Consulting Manufacturing performance improvement firm Chartwell Consulting has founded a new alliance with BDO.
24 March 2025
BDO appoints Jonathan Szoke as director for ESG due diligence practice
United Kingdom
BDO appoints Jonathan Szoke as director for ESG due diligence practice Accountancy and business advisory firm BDO has appointed Jonathan Szoke as a director in its growing ESG due diligence practice.
20 March 2025
BDO enters strategic partnership with Shopworks
United Kingdom
BDO enters strategic partnership with Shopworks Accountancy and business advisory firm BDO has entered into a strategic partnership with international retail consultancy Shopworks.
11 March 2025
BDO’s partnership continues to balloon with a further five additions
Australia
BDO’s partnership continues to balloon with a further five additions Accounting and consulting firm BDO continues to build its partnership in the early stages of the year, with another handful of Big Four recruits and internal promotions added over the past month.
06 March 2025
Manufacturing M&A rebounds despite economic challenges
United Kingdom
Manufacturing M&A rebounds despite economic challenges After several difficult years, the number of deals in the UK M&A market has accelerated. The manufacturing sector in particular enjoyed a year of solid investment – with major infrastructural projects driving interest in the second half of 2025.
06 March 2025
BDO Canada appoints Uros Milekic as Quebec market leader
Canada
BDO Canada appoints Uros Milekic as Quebec market leader BDO Canada, a mid-market accounting and consulting firm, has appointed Uros Milekic as Quebec market leader. Milekic will oversee a team of 500 people in the province.
27 February 2025
17 consulting firms listed in Prosple’s top 100 graduate employers in Australia
Australia
17 consulting firms listed in Prosple’s top 100 graduate employers in Australia What are Australia’s top employers for graduates seeking to kickstart their career in management and technology consulting
24 February 2025
BDO in strategic partnership to enhance risk services with NAVEX
United Kingdom
BDO in strategic partnership to enhance risk services with NAVEX International professional service firm BDO has announced a new partnership with NAVEX.
18 February 2025

Cyber Security news

Cyber Security consulting firms Cyber Security consulting services

Retail news

Retail consulting firms Retail consulting services