UK Retail Data Breach Incidents Double in a Year
The number of UK retailers experiencing data breaches has doubled over the past year, according to new stats shared by law firm RPC.
The City-based firm claimed that the number of breaches reported to data protection watchdog the Information Commissioner’s Office (ICO) increased from just 19 in 2015/16 to 38 in 2016/17.
Contrary to some headlines making the news, this doesn’t necessarily mean an uptick in malicious activity by third parties; breaches can commonly be caused by employee error, negligence or deliberate actions.
Nevertheless, the stats highlight a growing problem for the UK’s retailers, and the need for further investments in cybersecurity, according to RPC.
Partner Jeremy Drew argued that cost pressures, including rates and minimum wage increases and the declining pound, can often take precedence.
“Retailers are a goldmine of personal data but their high-profile nature and sometimes aging complex systems make them a popular target for hackers,” he added.
“As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained.”
David Kennerley, director of threat research at Webroot, argued that retailers need to focus both on their internal security and on ensuring customers stay safe online.
“Retailers need to keep PoS software up-to-date and deploy threat protection and detection on these devices, while not forgetting the importance of the physical security of PoS systems. Where possible, two-factor authentication should be used internally and by their customers. Online transactions should always require that the CVV number is entered by the customer for every transaction,” he said.
“Retailers need to make sure all data that they store and transmit is encrypted, access is only given to those within the organization that need it to perform their job and at the same time ensure any third-party entities are maintaining the same high standards.”
Source: Information Security Magazine