Retailers lose thousands to cyberattacks every year


A new financial year is a great time to implement new processes and systems, particularly if there are areas you’ve been putting off actioning in the past. For retailers, particularly small businesses, cybersecurity often falls into that category.


The Australian Cyber Security Centre recently found that nearly half of Australian SMEs spent less than $500 on cybersecurity last year, despite research from Chubb Insurance finding over 60% of Australian SMEs have experienced a cyber incident in the past 12 months.


The last four months during the COVID-19 pandemic have not only been some of the most dangerous for the physical health of all Australians, but also for their digital health. With revenue for the online shopping industry jumping to 21.8 per cent in March 2020 compared to March 2019 [source: NAB Online Retail Sales Index], consumers are increasingly shifting their shopping activity online, making retailers more reliant on digital platforms than ever before. 


Many retail businesses, particularly small businesses, had to focus on operationalising first and securing second. Now is the ideal time to review all your platforms and systems, assess what scams or cyber attacks might pose the biggest risk to your business, and take steps to improve the protection of the information they hold.


What are the cybersecurity risks that affect retailers the most?


Card fraud, and the penalties from payment platforms that result from it, are the biggest and most consistent cyber issues affecting retailers, and they affect businesses big and small. “Card-not-present” fraud, or fraud committed using a card that the merchant doesn’t see (e.g. the ‘customer’ purchases something using stolen details of a valid card), doubled between 2011 and 2017, and the Australian Payments Network says the continued rise of this fraud reflects that perpetrators follow Australian consumers at pace to new online retail platforms. In most “card-not-present” cases, all four of the major banks will make the merchant pay back the actual customer.


The security of your website is just as important as the security of your payment platform. Platforms like WordPress and Magento, while popular for retailers, have vulnerabilities that can make your business an easy target for criminals collecting card details – it happened to Kathmandu just last year.


Supply chain issues, like the cyber attacks that have affected Toll’s customer data this year, can cause issues for retailers in securing customer and confidential information. And ransomware attacks can hit retailers too, as IN SPORT, a NSW-based retailer, learned this year when its head office server and computers were hit by ransomware, leaving the business unsure what files the attackers accessed.


What can I do? 

  1. Protect your passwords; very often, cybersecurity issues come down to poor password management, so start using a password manager and enable two-factor authentication.

  2. Don’t get tricked; if an invoice you’ve received comes from a different business contact or just looks a bit different, call the business you’re paying to confirm it before you pay the invoice.

  3. Don’t think it won’t happen to you; scammers don’t discriminate on size, and they can hit thousands of small businesses at the same time.

  4. Get Cyber Fit; Just like getting fit doesn’t happen with one workout, Cyber Fitness is all about taking small incremental steps to improve your cybersecurity every day. The first step is to understand what you have to lose and what tech you rely on. What data do you have and what is valuable?


Small business owners can take an online survey or enrol in a Cyber Fitness Bootcamp to help them understand the risks and what they can do now to protect their business.

Susie Jones is the co-founder and CEO of Cynch Security.