Retail Cyber Risk in the Post-Holiday Season

The holiday season has passed and many retailers have experienced a bounty of increased sales. Unfortunately, this is also a time where retailers become the most vulnerable and at risk for losses suffered at the hands of cyber criminals.

In fact, according to the Chubb Cyber Index, which includes more than two decades of claims data, there is typically a 35% increase in the number of cyber claims across all types and sizes of retail businesses during the holiday season.

New technologies continue to have a tremendous impact on how, when, and where people make retail purchases. These conveniences, however, can open up retailers to vulnerabilities, leaving them susceptible to a variety of attacks. While the types of attacks continue to evolve, there are three specific threats that are particularly problematic for retailers.

First are phishing attacks, which can allow cyber criminals try to fraudulently obtain and use credit card account numbers through compromised point-of-sales systems or a store’s server. In addition to reputational damage, this can result in high costs to pay for forensic teams, legal fees, and public relations firms, among other loss-mitigation efforts. Additionally, retailers may have to pay credit card companies for the cost to replace stolen credit cards, and the retailer may even be subject to class-action lawsuits.

The second threat centers on a Distributed Denial of Service, also known as DDoS attacks, when the retailer’s computer system is overwhelmed by bogus internet traffic and becomes disabled, preventing normal business sales and operations. These attacks affect many different types of businesses and stem from numerous sources, making it difficult to control.

The third threat involves the collection of children’s personal information: Businesses that provide websites, apps, and other online services that interact with children aged 13 and under are required by law to provide notice and obtain parental consent, with limited exceptions, before personal information is collected from a child. During the past several years, the Federal Trade Commission has imposed significant penalties against companies that do not comply with the law, with fines exceeding $40,000 per violation.

The good news is that retailers can take actions to help protect their businesses and reduce their exposure to loss.

The most important step is to be educated about the constantly evolving cyber threat landscape.  A critical tool in the educational arsenal is The Chubb Cyber IndexSM, which includes data that can be segmented by industry and size of business. Chubb’s interactive tool provides users with a simple way to identify the top cyber risks businesses may face based on real-world examples.

By better understanding their exposures and the potential impact to their company, businesses can take critical steps to help mitigate their risk and protect their assets.

To learn more, visit us at www.chubb.com/cyber. There, you will find access to the Chubb Cyber IndexSM, as well as a host of resources on how you can protect your business.

Anthony Dolce is Vice President, Cyber Lead, North America Cyber Claims.

The opinions and positions expressed are the authors’ own and not those of Chubb. The information and/ or data provided herein is for informational purposes only and is not a substitute for professional advice. Insurance coverage is subject to the language of the policies as issued.