What you want is for your customers to shop ‘til they drop. What you don’t want is for your customers to drop your store altogether because they’re worried you’ll lose their personal and financial data.
Does that sound dramatic? Hardly.
In 2013, Target’s fourth quarter sales plummeted by 46 percent after hackers stole the debit and credit card information of 40 million customers. And if you take some comfort from the myth that consumers have a forgive and forget mentality, think again. A survey from FireEye, an American cybersecurity company, found that 76 percent of respondents would shop someplace else if poor data handling processes came to light. Seventy-five percent would stop purchasing from a company altogether if a breach was due to negligence at the board level.
Retailers Are a Favourite Target Among Hackers
It’s the large companies that make the news, but hackers don’t discriminate. Retailers both large and small are an ideal target for anyone looking for a quick payday for the following reasons:
Huge source of customer credit card numbers: Stores hold a substantial amount of credit card numbers, and researchers have found that attackers can readily determine expiry dates and CVVs using distributed guessing.
Outdated systems: Security experts design defenses, attackers find vulnerabilities and exploit them, security experts update their designs. Failing to keep up with these updates can leave you vulnerable. In other words: The defenses of today are ineffective against the attacks of tomorrow.
Point-of-Sale Malware: Debit and credit card information is encrypted when it’s sent for processing, but not while the actual purchase is being made. Attackers exploit this vulnerability to steal data off POS devices and are mindful to cover their tracks.
As you can see, all that access to money turns retailers into hacker honey.
6 Ways Cybersecurity Insurance for Retailers Can Protect You
If the unfortunate happens and customer information is compromised in a cyberattack, the consequences can be financially devastating to your business’s finances and brand.
If it is found that you didn’t take appropriate measures to protect customer data, you may be held liable for the costs associated with the damage. Target wound up paying an $18.5 million settlement after a whopping $202 million in legal fees and other hack-related expenses.
The situation is not entirely hopeless. While it may feel like cyberattacks are beyond your control, there are several steps you can take to protect your company. In fact, hackers often exploit weakness that companies don’t take the time to address. Diligently updating your software and educating your employees on cybersecurity and suspicious links can go a long way towards protecting your company.
But a cyberattack could still happen, and it can become a matter of survival for your company if you can’t afford the associated costs. Cybersecurity insurance for retailers is a must. This makes selecting the right policy vital.
These are a few of the main things cybersecurity insurance for retailers can protect you from in the aftermath of a breach:
- Notifying clients and partners of the breach: Just letting people know about a breach can cost a pretty penny. In 2016, average notification costs for U.S. companies were $0.59 million, according to the Ponemon Institute Cost of a Data Breach Study.
- Credit monitoring services for clients and partners: If sensitive information like social insurance numbers or credit card numbers are compromised, companies will have to spend money on credit monitoring services and re-issuing new cards.
- Paying extortion or blackmail costs: If hackers hold your company’s systems hostage and demand a ransom in order to restore service, paying up is a matter of organizational continuity. But it can be a catch-22 if paying the ransom puts your company in financial jeopardy.
- Hiring a public relations firm: A KPMG study found that 33 percent of respondents wouldn’t shop at a retailer for at least three months after a breach. Loss of customer trust equals a loss of business. Even if your business has the money to clean up the initial mess of a breach, it may not be able to withstand the damage to the brand, making it necessary to hire a public relations firm to do some damage control.
- Covering lost income or revenue: Recovering from a cyberattack takes time, which is time taken away from making money. An insurance policy can help you recoup some of the revenue your company loses.
- Legal fees and regulatory penalties: If financial data is compromised or an investigation finds you didn’t do enough to protect your network, lawsuits and regulatory fines are a very pricey possibility.
Cybersecurity insurance for retailers is a great safety net, but above all, take a proactive approach to your company’s insurance needs. Your organization’s needs will change, so if you pick a basic policy in the beginning, regularly revisit and reevaluate your policy as your company grows.
Zensurance is Canada’s leading online commercial insurance broker. We offer a full range of insurance products to small businesses, with a particular focus on digitizing businesses and technology startups. We understand what it is to work with new technology, and know the most common risks of which you should be aware. Based on that (and a lot of analytics), we recommend the ideal insurance coverage for your business.