In the last 12 months, 39% of UK businesses identified a cyber attack (Cyber Security Breaches Survey, 2022). Cybercriminals have targeted the retail sector specifically, with a 264% surge in ransomware attacks on ecommerce and online retail businesses.’ (Charged). The volume of attacks originating from sophisticated bad bots was most notable across travel (34.2%), retail (33.8%), and financial services (8.8%) in 2021 (Charged). These sectors remain a prime target because of the valuable personal data they store behind user login portals on their sites and apps. Successful attacks can lead to the theft of personal information, credit card data, and loyalty points.
As Clicky works closely with a number of ecommerce and lead generation businesses, our IT and leadership team make it a priority to stay close to industry requirements and changes in legislation around security, data protection and consumer privacy to ensure we carry out our role of Data Processors exactly as the law demands. We frequently conduct internal training and development sessions to ensure our team remains up to date with the latest information and their role within our agency structure.
For clients, sophisticated cyber security strategies are becoming more important as increasing levels of business are conducted online. Around four in five (82%) of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority, an increase on 77% in 2021. Additionally, 50% of businesses say they update the board on cyber security matters at least quarterly. (Cyber Security Breaches Survey, 2022)
Compromised data is a pertinent issue for consumers, and can mean direct and indirect revenue loss (as well as wider reaching brand damage) when it happens. ‘In 2021, 23 percent of respondents from the UK stated that their organisation lost between £10,000 – £49,000 as a result of a breach’ (Statista), yet this will likely also include some level of underreporting for smaller businesses who do not have sophisticated reporting practices in place. Therefore we can assume the level is higher as more breaches take place.
US fashion brand Next Level Apparel reported a phishing-related data breach in October 2021, resulting in unauthorised access to sensitive information. In April 2022, the online card retailer Funky Pigeon reported a cyber attack that temporarily halted trade with the closure of their website.
More than 300 Spar convenience stores were hit by a cyber attack in December 2021, causing many to close. The attack hit the company’s computer systems, causing a “total IT outage” that has prevented staff from taking card payments and locked them out of emails. These examples caused operational and commercial impact as well as a lasting concern around security and privacy when dealing with those brands in future.
Having a cyber security strategy in place is important for all businesses, as well as choosing to partner with a digital provider who also has this at the top of the agenda if they are to become a Data Processor for you. As part of our ongoing technical systems strategy, we have recently announced our investment in Cyber Essentials Plus – a government approved security scheme that is additionally verified to protect against common cyber attacks, ensuring that our working practices, equipment and policies are coordinated and regulated when conducting our role in processing client data. This rigorous application, testing and ongoing management of our cyber security practices is an investment we consider to be absolutely critical for our clients, and is part of a wider company security strategy which we continually develop.