Retailers are starting to face-up to the growing growing cyber security threats and the implications they could have on the very viability of their businesses.
That is the view of Tom Leman, a partner at Pinsent Masons and head of the law firm’s retail & consumer practice.
“The prospect of a data breach and the outcomes from such incidents are terrifying for both consumers and retailers alike,” said Leman, speaking to the law firm’s own Outlaw.com website. “Where personal information, including rich payment card or bank account information, is compromised there is a very real threat of identity theft and fraud, with knock-on costs and damage to businesses whose data was exposed.
“One particular risk from a data breach incident is the erosion of consumer trust and damage to a business’s reputation and brand. However, there is also the risk that retailers will face a growing cost of doing business if the cost of fraud is passed on to them by banks.”
Leman’s comments followed a legal commitment from Brian McCluskey, the CEO of fashion retailer Office, to the Information Commissioner’s Office (ICO) to improve the company’s cyber security and data protection practices following an attack that potentially compromised more than one million passwords.
Cyber security, he continued, has finally grabbed the attention of top management – none of whom want to be pilloried in public. The string of high-profile attacks on US retailers, who are obliged by various state laws to publicly disclose attacks, an approach being adopted in the European Union, has made them realise how much of a target they are.
Furthermore, they will also have noted the successful attack on Sony Pictures recently, which led to the shut down of the company’s own internal network after sensitive corporate emails were leaked.
“For the chief information officer, they will want to know just how good the security measures deployed by their company are, whilst general counsels need to be confident that they can demonstrate their business did everything it could to protect data and had an effective incident response plan the company acted on in the event of a breach. The Target data breach case in the US highlighted the importance of IT security to retailers as well as the consequences there can be for senior executives and their jobs,” said Lemon.
In the case of the Office breach, while contact information and passwords were taken, bank details remained secure. The stolen data was, apparently, stored on a legacy server that was in the process of being replaced.