Toolkit developed by BRC aims to counter cyber attacks in retail sector

The Cyber Resilience Toolkit for Retail is an actionable guide specifically designed for non-cyber experts such as Board members, those in senior strategic roles and start-up businesses. It highlights the threats faced by retailers, key questions to consider when developing cyber resilience strategies and guidance on the types of protection retailers should implement.

The toolkit covers recommended actions for retailers in preventing breaches through stronger protections, preparation to mitigate the impact of a successful breach, recovering after a cyber attack and developing and embedding a positive cyber resilience culture at Board level.

Retail harbours one of the most advanced digital offerings of any industry and, as a result, has become one of the most targeted. Retail firms are constantly striving to improve the shopping experience and spent £186 million in the past year on deploying cutting-edge systems to protect their customers and prevent future breaches.

There has been a huge shift to online commerce since the start of the Coronavirus pandemic. In May, online sales accounted for over one third of all retail sales (32.8%) which is a big jump from 18.8% a year earlier.

Furthermore, processes across the supply chain are being rapidly digitised and automated, from e-commerce, cloud systems and shift patterns through to payroll and procurement. Greater dependence on these technologies has brought more cyber risk and hackers are becoming increasingly sophisticated in their tactics. Now more than ever, it’s crucial that retailers remain vigilant and adhere to necessary security protocols to combat these emerging threats.

Challenges of the pandemic

Helen Dickinson OBE, CEO at the BRC, explained: “In recent months, the use of technology in the retail industry has evolved as retailers adapt to new consumer habits and the challenges of the pandemic. Last year, retailers spent over £186 million on cyber security, but the growth in online selling means there’s an increasing threat of new cyber breaches and sophisticated hacking techniques. As a result, retailers need to ensure their systems are watertight and up-to-date.”

Dickinson added: “Our new toolkit, which has been developed with the input of the National Cyber Security Centre, will ensure that all retailers, no matter their size or level of cyber expertise, are well-equipped to face the challenge. This is yet another example of the BRC supporting retailers through the ongoing digital transformation. Furthermore, consumers must also play their part. More must be done to educate the public on basic cyber hygiene such that they’re able to browse and shop safely.”

Dr Ian Levy, technical director of the National Cyber Security Centre, commented: “We want to keep shoppers’ data, identity and privacy safe and to ensure that the retail sector is well-equipped to face the cyber challenges associated with an ever-more digital world. The new BRC toolkit has been written in a way that’s clear and concise so that it can be understood by retailers and those with a cyber specialism. I urge all key decision-makers in the industry to familiarise themselves with the toolkit and act on it.”