The frequency of cyberattacks has been increasing since 2020, with notable attacks on JD Sports and WHSmith reported in Q1 2023, as widespread remote working that began in response to Covid-19 enabled hackers to easily target employees accessing corporate networks through VPNs, according to GlobalData’s Cybersecurity in Retail and Apparel 2022 report. However, security breaches remain a significant threat even though companies have improved their cybersecurity in response to these threats through investment in zero-trust network access (ZTNA), which enables secure access to internal applications for remote workers. Retailers must focus on protecting both consumer and employee data through ongoing investment in cybersecurity, enabling them to prevent cybersecurity attacks in the first place. Indeed, not doing so will only dampen consumer confidence in e-commerce, potentially inhibiting sales via this channel.

The recent cyberattack on WHSmith on Thursday 2 March 2023, during which a hacker gained access to the details of current and former employees, should provide a stark warning to all retailers that cybersecurity investment is a necessity, not an option. The saving grace for WHSmith was the separation of the customer database from its company database, which allowed the retailer to continue trading as normal, something it was not able to do when the books, news and stationery specialist’s online fascia, Funkypigeon, was hacked in April 2022. Funkypigeon’s FY2021/2022 results (to August 2022) highlighted that the online greeting card specialist’s revenue fell 35.8% on the previous year, and while this was largely due to the shift back to stores post-pandemic, it was exacerbated by this security breach, evidenced by rival Moonpig being better able to navigate this shift in consumer behaviour (revenue -17.3% in its FY2021/2022 results to April 2022).

Not only are cyberattacks a risk to retailers’ sales, if websites may need to be shut down in the short term, but they also impact customer loyalty and trust in the retailer. Retailers must act quickly to strengthen their cybersecurity to retain their shoppers, as consumers may switch to retailers with more credible reputations. These types of threats will be particularly concerning for online specialists as their customers may be tempted to return to shopping in stores once their trust in buying online is damaged. Using tools such as threat detection and response (TDR) which would identify threats before any malicious behaviour can take place, will add a layer of defence to minimise the frequency of such cyberattacks, thus helping to alleviate existing shoppers’ worries about the security of their personal details.

The UK online retail market benefited from the pandemic driving more consumers to shop on phones and computers, and many retailers improved their online platforms to make it easier to purchase, which likely resulted in more shoppers storing card details online to allow for faster checkout. However, with 65.0% of consumers stating that they are concerned about storing their payment details online, retailers still have a long way to go in strengthening their online safety before consumers’ worries are placated. Retailers should give consumers the option to pay through third parties such as Paypal, as 58.5% of consumers stated that they prefer to pay through these providers, as this will streamline the online shopping journey while ensuring that shoppers feel more confident and secure when paying online.