Retailers should regularly review cyber controls as threat of attack increases

In view of recent cyber attacks on British department store Harrods, apparel retailer Marks & Spencer and others, audit, tax and consulting firm RSM UK is advising retailers to regularly review their cyber risk controls to ensure “they are as robust as possible”.

“Retailers are already navigating a difficult trading environment shaped by fragile consumer confidence, increases in employment costs and shifting spending habits. The recent wave of cyber-attacks adds another critical layer of risk, one that can significantly damage consumer trust, disrupt operations, and harm brand reputation overnight. In a sector where customer loyalty is hard-won and competition is high, ensuring data security and operational continuity is paramount,“ cautions Jacqui Baker, partner and head of retail at RSM UK.

She also points out the speed and sophistication with which cyber risk moves, particularly due to advancements in technology. “Quite often, it is a case of when, not if, one takes place, so it needs to be high up on retailers’ risk register,” Baker advises.

Agility is another key to retailers’ responses because what might solve an issue today might not work tomorrow. “Retailers must now view cyber resilience not only as a technical requirement but as a core component of customer experience and brand protection,” she states.

Priority and agility are key when fighting cyber crime

“These recent attacks on retailers serve as a warning to all businesses to continuously assess and tighten up their cyber security measures. Organisations are accountable for effective governance, cyber controls, resilience and importantly, robust plans to respond effectively to cyber incidents,” adds Sheila Pancholi, technology risk partner at RSM UK.

"The first line of defence against cyber attacks is often employees, so it is important to also ensure staff are regularly trained and educated on cyber risks and how to spot attempts to access systems via increasingly sophisticated phishing emails (e.g. ClickFix Phish) or links to bogus websites,” adds Pancholi.

According to the UK‘s National Cyber Security Centre (NCSC), half (50 percent) of businesses and two thirds (66 percent) of high-income charities have experienced some form of cyber security breach or attack in the last twelve months. The prevalence of attacks is even higher amongst medium-sized and large businesses (70 and 74 percent, respectively).

Thus, the organisation launched its Cyber Governance Code of Practice earlier this month. It provides organisations with clear guidance and best practices on managing cyber risk.

“We welcome the government’s recent Code of Practice which supports businesses in governing their cyber risks to enhance operational resilience,” says Pancholi.

The expert points out that the threat landscape will only increase given increasing geo-political tensions and highly sophisticated cyber criminals operating on an industrial scale and with broader targets across industries. “This raises a question of whether the current voluntary code goes far enough?,” asks Pancholi.