BRC launches cyber-security toolkit to help retailers

The British Retail Consortium (BRC) has launched a cyber-security ‘toolkit’ to help retailers protect themselves and their customers online.

Working with Minister For Vulnerability, Safeguarding And Countering Extremism Sarah Newton and the National Cyber Security Centre (NCSC), the toolkit provides businesses of all sizes with a practical, step-by-step guide to prevent and manage cyber-security threats.

Online retail sales have grown by around 10 to 15 per cent each year. However, there has also been a parallel rise in more elaborate forms of cyber-related crimes, such as doxing [searching for and publishing private or identifying information about an individual on the internet, usually with malicious intent], whaling [a form of personalised phishing] and spoofing, against both retail businesses and online shoppers.

Consumers spend around £1 in every £4 online and according to the BRC Annual Retail Crime Survey 2016, an estimated 53 per cent of reported fraud in the retail industry is cyber-enabled. This represents a direct cost of around £100 million.

The Minister said: “Crime is changing and so the way we all work to tackle it must change too. We are already taking world-leading action to stamp out cyber-crime and fraud, including investing £1.9 billion in cyber-security over five years. But, as we have said, the Government cannot do this alone.

“Businesses have a responsibility to take steps to protect themselves and their customers, which is why we are delighted that the BRC has introduced their cyber-security toolkit to help retailers to do so.”

In developing this toolkit, the BRC said it was driven by a desire to keep pace with the evolving risks associated with operating online. It also wanted to make sure that consumer expectations around the protection of personal data is met.

The toolkit’s recommendations include, establishing cyber-security as a board-level issue, retail-specific information sharing, completing a cyber-security risk assessment, and creating an incident response plan.

It also provides a guide to preparing, responding, recovering and reviewing attacks.

Hugo Rosemont, policy adviser on crime and security at the BRC, added: “The UK is one of the leading e-commerce markets in the world. The BRC Cyber Security Toolkit is designed to equip British retailers with the know-how, guidance and practical support that will help the industry stay ahead of the ever evolving threats posed by cyber-related criminality.

“All parts of the retail industry have a large and growing stake in keeping customers safe and secure, and the industry is committed to ensuring the strongest possible measures are in place – all the way through from prevention to incident response.”

Dr Ian Levy, technical director at the NCSC, concluded: “The retail sector is vital to the UK’s economic well-being and both the sector and its supply chain are increasingly reliant on online safety and security.

“The NCSC is delighted to be working with the BRC in finding innovative ways to make the UK a safe place for citizens, e-commerce, small businesses and large chains to do retail business online.

“We are committed to giving individuals and businesses of all sizes confidence to deliver success in our increasingly digitalised economy, and were pleased to support the development of this toolkit.”