UK retailers risk losing customers over cyberattacks as shoppers reveal security expectations

UK retailers that suffer cyberattacks risk losing customers who have certain expectations about the security of their personal data, new research from Akamai has revealed. What’s more, those that do suffer data breaches could face action from customers seeking compensation. The findings come in the wake of new guidance from the UK’s National Cyber Security Centre (NCSC) designed to help online retailers protect themselves and their customers from cybercriminals.

Cybersecurity a key dampener of British consumer confidence in retail sector

Akamai’s findings come from YouGov data of 2,171 UK adults and reveal a distinct connection between customers’ perceptions about a retailer’s cybersecurity and their spending habits. The majority (59%) of online shoppers surveyed said they would stop shopping at a retailer if it was the victim of a cyberattack, whilst 49% stated they do not trust retailers to keep their personal details safe and 46% would expect compensation from a retailer following a breach.

Furthermore, 70% of online shoppers said they assess how secure a retailer’s website looks before buying with 91% claiming they would abandon their shopping cart if a website did not appear secure enough. The majority (59%) also said they would tell their friends to stop shopping with a retailer if it had been the victim of a cyberattack, whilst 79% of respondents prefer better data security over a more personalised shopping experience.

As for customer expectations around how retailers should address their cybersecurity strategies, 76% of those surveyed said they expect retailers to invest heavily in data protection and security as opposed to educational campaigns or communications (37%). Commenting on the research, Richard Meeus, director of security technology and strategy EMEA at Akamai, said, “With cyberattacks on the rise, it is more important than ever for retailers to ensure their customers feel safe and secure while shopping online. At this time of economic uncertainty, many retailers will be tempted to cut budgets. This research shows that cybersecurity is one area where they cannot afford to cut corners. Consumers are ready to walk out on retailers over bad cybersecurity.”

UK retailers urged to ditch password-only authentication, tackle website spoofing

In September, the UK NCSC published two pieces of new guidance for online retailers to help them improve cybersecurity and protect themselves/customers from cybercriminals. The first focused on helping UK organisations select appropriate methods for authenticating their customers beyond relying on passwords, which can be easily stolen and exploited. Instead, the NCSC said that online retailers should implement additional methods of authentication, which make abusing customer accounts more difficult for criminals. The guidance focused on four enhanced authentication models specifically:

• Multi-factor authentication (MFA)
• OAuth 2.0
• FIDO2
• Magic links and one-time passwords

The second piece of guidance was aimed at helping businesses protect their brand from being exploited online, with specific focus on the removal of malicious content such as phishing sites. These typically spoof well-known retailers to exploit brands and customers, leading to false representations of products or services, fake endorsements, and credible-looking malware campaigns, the NCSC stated. Its guidance set out the steps online retailers can take to initiate the takedown of malicious content, which includes contacting abused hosting companies and domain registrars in addition to the mechanics of obtaining the services of a specialised takedown provider.