How ransomware attacks devastate consumer perception of retailers
Mick Bradley, VP EMEA Arcserve
As lockdowns around the world forced physical stores to close, UK retailers had to shift onto online platforms practically overnight to maintain their revenues, which led to many ecommerce companies posting record numbers. And, while brick and mortar sales have recorded some of their sharpest monthly drops since World War II, data from the National Office of Statistics shows online retail volumes have increased overall.
But this increase in online shopping has only made retailers and ecommerce companies a more attractive target to cybercriminals trying to turn a profit by disrupting services and stealing data. Card payment data is one of the most easily monetizable forms of personal data according to research from Sophos and Verizon, and the sheer volume of card data online retailers hold makes them a tantalizing target. In fact, since the lockdown began, cybercriminals have dramatically ramped up activity and UK security agencies have issued warnings against such cyber threats. As such, UK businesses need to consider more than just the short-term ramifications of these encroaching attacks, too, as the immediate remediation expenditures may only be the tip of the iceberg, according to new research from Arcserve.
In a global survey of 2,000 consumers, they found that UK shoppers have little sympathy for retailers who suffer outages caused by ransomware attacks and will look to take their business to other retailers after experiencing a disruption. Now, with lockdown restrictions beginning to ease and retailers reopening physical stores gradually, we are seeing a new level of openness to emerging technologies such as contactless payments and mobile self-checkout to help maintain social distancing. But, as we saw during the shift to online ecommerce platforms, it will be imperative for retailers to remain vigilant of cybercrime as they implement new tech – otherwise, it can ultimately cost them consumer trust.
Consumers will happily turn to rival retailers
Arcserve’s survey found that consumers trust in brands diminishes after they suffer ransomware attacks, with 60% responding that they would avoid purchasing from a business who has fallen victim to a cyberattack in the past year. Cyberattacks, such as the recent ransomware attack on British foreign exchange firm Travelex, leave behind a bitter taste in the mouths of customers and negatively impact customer retention and loyalty.
But it doesn’t stop with the individual customer. Forty-five percent of survey respondents said that they share their negative experiences with friends, family, and colleagues. With business review sites such as Yelp, reputations are at the liberty of a consumer’s opinion. With business disruptions becoming increasingly commonplace due to ransomware and other evolving cyber threats, consumers are becoming more vigilant towards the security of companies they purchase from. If their data is exposed due to a cyberattack, customers will take their business elsewhere and share their experience with others. This can harm growth and cause further financial damage far beyond the attack itself.
A clean security record boosts loyalty and offers ROI
To prevent this from happening, retailers must review their cybersecurity, business continuity, and disaster recovery plans to win and maintain consumer trust. The survey also found that over 40% of UK customers said that they were willing to pay more for a product or service if they can trust a business to reliably protect their PII, so doing this can add real long-term value.
To do so, IT teams at retail organisations should begin by conducting a risk assessment of the current threat landscape. The plan itself should be rigorously tested and then shared across the business so that in the event a cyberattack does slip through, employees know exactly what to do. Furthermore, it is advisable that retailers choose service providers that offer integrated cybersecurity and data protection to reduce the risk of creating security gaps and making it easier to deploy a multi-layered defense.
Retailers must make sure data protection is given careful consideration, since any disruption or data protection discrepancies can have severe long-term business implications that go well beyond the short financial ramifications of a cyberattack. Though the short-term costs of website downtime, supply chain disruption, or additional IT services a cyberattack brings may be steep and unwanted, Arcserve’s data shows these costs they may pale in comparison to long-term damage to brand value. Consumers want assurance that the businesses they spend their money with are safe and if they perceive that it is, then customers will continue to purchase from that brand.
This was posted in Bdaily's Members' News section by Arcserve .