The number of UK retailers who have fallen victim to cyber attacks has doubled in the past year, new figures have shown.
Data from law firm RPC says the number of retail businesses reporting data breaches to the Information Commissioner’s Office jumped from 19 in 2015/16 to 38 in 2016/17.
The risks involved in data breaches are increasing in the retail industry, as retailers accumulate more and more personal information on their customers as part of their Big Data initiatives.
The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in-store mean that even a small multiple retailer will be gathering the kind of data that hackers are looking for.
RPC adds that the retail industry is beginning to feel the pressure to invest more heavily in cyber security.
The regulatory burden and financial risks involved in a data breach will increase substantially when the General Data Protection Regulation (GDPR) comes into force in May 2018. These rules will make reporting breaches mandatory and see companies potentially facing large fines.
Jeremy Drew, partner at RPC, said: “Retailers are a goldmine of personal data but their high profile nature and sometimes aging complex systems make them a popular target for hackers.
“There are so many competing pressures on a retailer’s costs at the moment – NMW rises, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”