New research from Akamai reveals that most UK shoppers would refuse to buy from an online retailer that has suffered a data breach. Credit: Thinkstock UK retailers that suffer cyberattacks risk losing customers who have certain expectations about the security of their personal data, new research from Akamai has revealed. What’s more, those that do suffer data breaches could face action from customers seeking compensation. The findings come in the wake of new guidance from the UK’s National Cyber Security Centre (NCSC) designed to help online retailers protect themselves and their customers from cybercriminals.Cybersecurity a key dampener of British consumer confidence in retail sectorAkamai’s findings come from YouGov data of 2,171 UK adults and reveal a distinct connection between customers’ perceptions about a retailer’s cybersecurity and their spending habits. The majority (59%) of online shoppers surveyed said they would stop shopping at a retailer if it was the victim of a cyberattack, whilst 49% stated they do not trust retailers to keep their personal details safe and 46% would expect compensation from a retailer following a breach.Furthermore, 70% of online shoppers said they assess how secure a retailer’s website looks before buying with 91% claiming they would abandon their shopping cart if a website did not appear secure enough. The majority (59%) also said they would tell their friends to stop shopping with a retailer if it had been the victim of a cyberattack, whilst 79% of respondents prefer better data security over a more personalised shopping experience.As for customer expectations around how retailers should address their cybersecurity strategies, 76% of those surveyed said they expect retailers to invest heavily in data protection and security as opposed to educational campaigns or communications (37%). Commenting on the research, Richard Meeus, director of security technology and strategy EMEA at Akamai, said, “With cyberattacks on the rise, it is more important than ever for retailers to ensure their customers feel safe and secure while shopping online. At this time of economic uncertainty, many retailers will be tempted to cut budgets. This research shows that cybersecurity is one area where they cannot afford to cut corners. Consumers are ready to walk out on retailers over bad cybersecurity.” UK retailers urged to ditch password-only authentication, tackle website spoofingIn September, the UK NCSC published two pieces of new guidance for online retailers to help them improve cybersecurity and protect themselves/customers from cybercriminals. The first focused on helping UK organisations select appropriate methods for authenticating their customers beyond relying on passwords, which can be easily stolen and exploited. Instead, the NCSC said that online retailers should implement additional methods of authentication, which make abusing customer accounts more difficult for criminals. The guidance focused on four enhanced authentication models specifically:Multi-factor authentication (MFA)OAuth 2.0FIDO2Magic links and one-time passwordsThe second piece of guidance was aimed at helping businesses protect their brand from being exploited online, with specific focus on the removal of malicious content such as phishing sites. These typically spoof well-known retailers to exploit brands and customers, leading to false representations of products or services, fake endorsements, and credible-looking malware campaigns, the NCSC stated. Its guidance set out the steps online retailers can take to initiate the takedown of malicious content, which includes contacting abused hosting companies and domain registrars in addition to the mechanics of obtaining the services of a specialised takedown provider. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe