The importance of robust cyber security cannot be overstated, especially for the retail sector. As most retailers have moved online, the security of customer data, particularly payment card details, is paramount. Our research provides evidence of consumer concerns.
A cyber security breach can lead to devastating consequences, not only for the retailer in terms of financial losses and legal ramifications but also for customers whose personal and financial information may be compromised.
Growing concerns among consumers
Our research indicates a significant increase in consumers' concern about the security of their personal data. On average, 60%* of men and women report being more worried about their personal data security than a year ago.
The level of concern regarding retail payment card security is alarmingly high. Our study* shows that 36% of consumers are concerned about their credit/debit card data when making purchases in High Street stores. This concern escalates to 67% for online purchases.
The chart shows even deeper concern among adults 35-54 years old when making online purchases, compared to younger shoppers. These statistics highlight the critical need for retailers to adopt comprehensive cyber security measures to protect customer data.
The reality of cyber threats
Despite a common belief among smaller retailers that they are unlikely to be targeted by cybercriminals, the reality is starkly different. Recent figures from the Information Commissioner's Office (ICO) place retailers among the top four sectors for data incidents, with ransomware attacks particularly prevalent.
The wealth of payment data retailers hold makes them a tempting target for cybercriminals, underscoring the need for robust cyber security defences.
The value of cyber security certifications
Obtaining cyber security certifications such as ISO27001 and Cyber Essentials Plus is crucial to mitigate these risks and reassure customers. These certifications serve as badges of trust, demonstrating a retailer's commitment to protecting customer data and maintaining high security standards.
ISO27001 is an internationally recognised standard that outlines best practices for an information security management system (ISMS). It provides a systematic approach to managing sensitive company information so that it remains secure.
Compliance with ISO27001 signifies that a retailer has implemented comprehensive security measures to protect against unauthorised access and data breaches.
Cyber Essentials Plus is a higher level of certification under the Cyber Essentials scheme, offering a more advanced level of assurance. Audited technical verification ensures that retailers have implemented essential security controls to protect against common cyber threats.
Building customer confidence
By achieving these cyber security badges, retailers can significantly enhance customer confidence. Consumers are more likely to trust and feel comfortable sharing their payment card details with retailers that can demonstrate their commitment to cyber security.
In addition to protecting the business and its customers from a data breach's financial and reputational damage, these certifications can differentiate a retailer in a competitive market, attracting customers who prioritise security in their shopping decisions.
Retail cyber security summary
The retail sector should prioritise robust cyber security to protect against the ever-present threat of cyberattacks. Certifications such as ISO27001 and Cyber Essentials Plus offer valuable reassurances to customers, building trust and confidence in the retailer's ability to safeguard payment card details.
In an era where consumer concern over data security is at an all-time high, investing in comprehensive cyber security measures is not just a necessity but a strategic business decision that can secure a retailer's reputation and customer loyalty in the long term.
* Source: OryxAlign, October 2023 n=1,411
** Source: OryxAlign, March 2024 n=1,462
