1. Comment
  2. Comment
October 26, 2021

Tesco attack shows why retail companies must invest in cybersecurity

By GlobalData Thematic Research

The Tesco app and website went down for two days last weekend after a hack attempt. Tesco will suffer for the lost orders, and was lucky not to lose any data. Companies should reframe their idea of cybersecurity investment from an irritating necessity to an opportunity to win consumer trust.

Online orders contribute more than ever to retailers’ revenues. The shift in consumer preferences from in-store to online shopping had long been in motion, and Covid accelerated it exponentially. GlobalData found that 40% of global consumers shopped online more frequently after the pandemic. Tesco receives 1.3 million online orders every week. As retailers’ online offerings become more valuable, hacking them becomes more lucrative.

Cyberattacks are increasing

Neglecting cybersecurity while digitalizing is a storied error, but its repetition isn’t surprising. Cybersecurity is expensive, and is not a new product or function. Considering also that during Covid digitalization needed to be done with less spare cash and more urgent execution deadlines, it’s easy to believe many companies may not have the cybersecurity to support their new digital offerings.

This belief is vindicated by the abundance of recent high-profile, successful attacks. Retail is one of the most targeted industries. This very month, US department store Neiman Marcus suffered a breach that affected millions of customers.

Consumers have fairly low faith in companies’ cybersecurity capabilities. The paradigm is ‘Cyberinsecure until proven secure’. There is an opportunity for retailers here. Every company claims to be cybersecure, but those that have successfully fended off cyberattacks can do so with a new legitimacy. They may win personal-data conscious customers from ‘unproven’ competitors.

Tesco was lucky – but a successfully defended attack could be a blessing

Executives should reframe their idea of cybersecurity investment in a more positive light. Rather than an irritating necessity, it is an opportunity to win consumer trust.

And regardless of in what light cybersecurity is seen, attacks on retail companies will not relent in the near future. Operations evolution in the next five years will involve heavy adoption of the internet of things (IoT), cloud, and big data technologies, as supply chains and stores become more automated and more analysed. Each of these technologies, particularly IoT increases its adopter’s cyberattack exposure.

The consequences of suffering an attack and failing to defend it are already disastrous, and will only become more grave as more and more consumer data is online. Health data is a particularly sensitive example. Consumers may soon entrust retailers with their health data so that they can select products that support their health objectives. They will take a very dim view of retailers that let such data slip.

Retailers must invest in cybersecurity. Failing to do so is a definite loss; doing so should certainly prove to be an outright win.