Key takeaways
Cyber threats demand proactive retail strategies
Retailers face growing risks from ransomware and data breaches; planning ahead is essential.
Build a cross-functional response team now
Include IT, legal, and leadership roles with clear protocols for swift action.
Test your plan through regular simulations
Tabletop exercises and drills ensure readiness and protect brand reputation during crises.
With recent high-profile ransomware attacks aimed at the UK retail sector, the need for a robust response plan has never been more urgent. Our cybersecurity experts urge all retail businesses to reflect on their preparedness for cyber incidents.
Effective cyber incident response planning is critical to mitigate damage, protect sensitive data, and maintain shareholder confidence in the event of a cyber attack. It may also stave off customer claims arising out of lost data.
With cyber attacks becoming more and more sophisticated, hiding behind seemingly legitimate email addresses or tailored and personalised messages, your organisation’s preparedness to deal with such an incident is more important than ever.
Recent retail sector incidents include:
A major UK retailer was hit by a sophisticated ransomware attack that shut down online sales and internal systems for over six weeks. The attackers infiltrated the company via a third-party vendor and deployed ransomware to its infrastructure.
A flagship retail brand in the UK faced intrusion attempts that forced the retailer to restrict internet access across its stores, disrupting its internal operations as its virtual infrastructure came under attack.
A key logistics supplier to UK supermarkets was compromised, disrupting deliveries and exposing the fragility of retail supply chains when third-party vendors are targeted.
The areas below are key points we would urge retail and leisure businesses to consider given the prevalence of the issue, and we are able to support should you have any questions.
Stress testing your cyber incident response plan
To gauge your organisation’s readiness, begin by addressing the following key questions:
Do you have a designated Cyber Incident Response Team within your organisation?
Who is on the team and what skills do they bring?
Identify key personnel from IT, legal, communications, risk management, and senior leadership.
How do they communicate during an incident?
In case your system is compromised, do you have alternative means of communication such as secure messaging apps or offline communication plans?
Ensure: Each team member is trained on using backup communication methods (e.g., SMS, phone, encrypted messaging services).
Accessible backups: Is there a copy of the Incident Response Plan stored in a secure, non-digital format? How will you access the plan if it is stored on the very systems that have been compromised? Consider storing hard copies and keeping digital versions accessible on external drives, cloud systems, or physical locations not affected by system outages.
Priorities for the incident response team
To ensure effective handling of the incident, your cyber response team must have clear priorities. These should be planned and rehearsed, and you may wish to consider:
An internal investigation team to detect, contain and identify the nature of the breach. Who is going to oversee this? Your CIO? Does this have board sign-off?
Forensic analysis. This would involve engaging forensic experts to analyse the attack vectors, determine the extent of the breach, and collect evidence for post-incident review. Who are your short-listed forensic experts and do you know how to contact them out of hours?
A communication strategy, i.e. the timing and frequency of staff and shareholder notifications. In doing so, the team must ensure compliance with data breach notification laws in place at the time (and, if relevant, across various jurisdictions) and be sure to notify regulatory authorities within the legally mandated time frame too.
A legal team – those to help you notify regulators, protect the organisation’s position in respect of possible future civil claims and/or undertake aspects of your internal investigation which, with lawyer involvement, may then have the benefit of legal professional privilege.
CEO and Board alignment
In a cyber crisis, the CEO often plays a pivotal role in maintaining the organisation’s reputation, in calming stakeholders and perhaps also employees. It will be important to ensure that the CEO and board are:
Prepared with draft statements: A pre-drafted statement (or a series thereof) should be ready to use, making sure the messaging is consistent with the organisation’s values and business priorities and has been checked by a member of the legal team.
Informed and involved during an incident: Regular briefings on the incident’s scope, organisational impact, and response strategy.
Regular drills and simulations
We recommend conducting cyber incident response drills regularly to ensure readiness. This can include tabletop exercises, which would involve organising simulations with key decision-makers to test response effectiveness and communication channels.
At Hill Dickinson LLP, our cyber security experts have also found that role play and/or targeted discussion at board level can be really effective in preparing your organisation for serious incidents such as cyber attacks. Please contact our team today to find out more.





