The U.S. Department of Commerce recently reported consumers spent over $200 billion online with retailers in Q2 2020, up 44.4% from the same quarter in the year prior. It seems escalating online shopping is the one thing that is certain in these uncertain COVID-19 times.
Many middle market retailers have quickly shifted their strategies to implement or augment e-commerce platforms to answer the urgent call of eager shoppers, but are companies also weighing the risks of a rapidly growing online presence, particularly related to looming cyberthreats? And as the holidays approach and online shopping continues to rise, hackers are likely watching for opportunities to exploit and attack unprepared and security-weakened retailers.
From data breaches and ransomware threats to sophisticated malware attacks, retailers must be mindful of cyber-risks. At particular risk are those businesses who quickly put e-commerce systems in place without the full assessment of data vulnerabilities and security risks.
In RSM US LLP’s recent report on cybersecurity issues in the middle market—which included those businesses in the consumer products industry and retail sector—18% of executives disclosed that they reported a breach in the last year and more than half of the respondents indicated that an attempt to illegally access their data or systems is “very likely” or “somewhat likely” this year. In addition, the report found that the number of reported breaches has tripled over the last five years. And the tumult caused by the pandemic and resulting economic woes has escalated even further a climate ripe for cyber-risks.
“In these disruptive times brought on by COVID-19 and economic challenges, some retailers have had to dedicate focus and resources on business sustainability efforts rather than security measures. Cybersecurity, in some cases, could have been neglected as priorities shifted to keep the business open,” said Matt Franko, a director of risk consulting at RSM. And, he adds, this neglect opens the business up to threats which could cost the company dearly later in terms of cost and reputation.
“If you look at the Claire’s incident from earlier this year you can see the damage that attacks on e-commerce sites can do,” said Franko. That breach resulted in customer data and payment card information being exposed. The fallout from that attack could be felt for years as the company faces a proposed class action lawsuit from affected customers.
Cybersecurity is critical for retailers, indicates David Llorens, also a director of risk consulting at RSM. He notes, “There are a variety of efforts companies can make to protect their data as well as their customers’ information.” Risk mitigation efforts could include:
- Assess website and e-commerce processes and identify risk areas. Understand data collection, storage, transmission channels and more.
- Evaluate current governance approaches and update accordingly to meet new transaction and e-commerce needs.
- Review various regulatory compliance requirements, like PCI-DSS and the General Data Protection Regulation, and improve processes to align with standards.
- Leverage cloud solutions to help fortify data storage against threats, using a cloud provider mindful and experienced in PCI-DSS compliance and more.
- Create an e-commerce and cloud strategy in tandem and make sure the effort is scalable with the ability to expand and grow securely as the business grows.
- Assess cybersecurity protections, detection solutions and response processes at least annually to assure that no new risks have been introduced.
- Re-assess cybersecurity strategies, priorities and investments quarterly, and modify them as needed to reduce exposure to new and old threats.
More on the cloud
According to RSM’s Oleg Glubochansky, who focuses his practice on e-commerce, the cloud offers a secure solution to maintain more control over data. “Retailers can better understand how much data they have and where exactly it resides,” he said. “The cloud also offers platform options, many with more extensive security capabilities.”
Numerous middle market companies are seeing the security benefits of cloud solutions. According to RSM’s cybersecurity survey, 42% of respondents moved data to the cloud as a result of security concerns in the last 12 months. Among middle market executives reporting moving data to the cloud for security concerns, 90% believe the data residing in the cloud is more secure than in the past.
As Glubochansky indicated, these adapters are thinking of what’s best for the company and customers in the months and years to come. “I tell my clients, don’t think about what you need to do to stay open. Rather, think about what you need to do to grow,” he said, adding the cloud provides the efficiency and security retailers must have for their e-commerce efforts now and moving forward.