BRC calls for more collaboration to combat cybercrime

The signs are apparent that cybercrime is becoming an increasingly major threat to the retail industry.

According to the British Retail Consortium's (BRC) annual Retail Crime Survey, cybercrime was experienced by "the majority" of retailers in 2012-2013. Hacking and denial of service attacks were deemed to be the most critical threats, while the most common cybercrime attacks for retailers last year were from computer viruses and malware.

Meanwhile, Ian Woosey, senior director at professional services firm Alvarez & Marsal and a former retail IT director himself, recently warned retailers that the issue of cybercrime should be placed on top of the boardroom agenda for 2014.

It is against this backdrop, last week, that the UK's largest retailer Tesco saw some its customer data hacked, resulting in thousands of consumers' personal details being made public online. Over the last few years, other industry players such as cosmetics retailer Lush and kitchen goods supplier Lakeland have also been forced into defensive action after cyber-thieves infiltrated their online systems.

Cybercrime is clearly an issue that a growing number of retailers are having to battle against, and BRC director of business and regulation, Tom Ironside, told Essential Retail that more must be done to help companies fend off the digital crooks.

"In order to effectively combat cybercrime, the BRC wants to work closely with the new National Crime Agency’s Cyber Crime Unit," he explained.

"So far the engagement has been positive but there's more that needs to be done. It’s important that retailers have a single point of contact within the agency, so that they know where to turn to if they suffer a serious cyber-attack. At present businesses do not understand when they should report an incident, or what the law enforcement response would be if they did."

When it comes to instances of cybercrime, retailers will naturally make moves to secure their customers personal details and to follow a course of damage limitation to protect their brand image. But there are arguably other issues to consider that are far wider reaching for their businesses.

Some of these factors are discussed in Woosey's exclusive series of comment pieces for Essential Retail – the next of which will be published later this week – but other experts in the field have had their say on the Tesco case in recent days.

Phil Beckett, managing director at corporate forensic investigation and e-disclosure firm Proven Legal Technologies, is one who argues that data loss can have a number of implications to organisations of all sizes.

"It is arguably more important to consider the loss of intellectual property as well as customers' private data as this can really impact a company's bottom line," he commented.

"The real task for businesses – both large and small – is to identify the scope, risk and impact of a potential data loss so that they can respond appropriately before they appear in headlines such as this. This is a serious undertaking."

Retailers appear confident that they are entering into a positive relationship with the National Crime Agency's Cyber Crime Unit, but with technology evolving all of the time, it is often the case that the criminals are one step ahead of the law enforcers when it comes to understanding new systems and methods of attack.

It will not be an easy task to clamp down on cybercrime – and one can argue that it is wishful-thinking that the problem will ever be eradicated altogether – but there is a common appreciation that there is an opportunity to make some positive ground if all individual stakeholders work together on this issue.

"We want to see better information sharing about potential cyber threats so that retailers can take their own preventative action," the BRC's Ironside added.

"The authorities, the BRC and individual retailers need to work ever more closely together if they are going to effectively combat this emerging threat."