The Hefty Price Tag for Email Insecurity in Retail

From promotions and loyalty points to invoices and tracking, email underpins the vital network of communication between shopper and seller. And it isn’t going anywhere.

More than 300 billion emails were sent every day in 2020, and this is set to grow by an impressive 76 billion in the coming years. So surely the players in the retail industry – worth $25 trillion dollars – are doing everything possible to keep this channel secure?

Think again. As of March 2021, only 6% were fully protected against domain impersonation (i.e. fully DMARC compliant).

This means they are highly vulnerable to email impersonation and all the threats that come with it, such as business email compromise (BEC) and phishing attacks. These can result in the loss of capital, consumer trust, brand equity, and much more.

Below, we’ve totaled up what retail businesses, online stores, and eCommerce sites may have to pay if they don’t secure their domains and improve their cybersecurity posture.

$30 billion retail funds lost to cyber attackers year on year

No business is fully immune to the threats of cybercrime. But unfortunately for retail businesses, their handling of personal and sensitive data makes them particularly susceptible to impersonation attacks.

Most worryingly, almost a quarter of all cyber attacks are aimed at retailers and this is costing the industry more than $30 billion every year. This mammoth sum is likely made up of ransom demands, money lost to fake invoices, loss of retail sales due to damaged consumer trust, and even fines.

$28 million penalties for insufficient data safeguarding

Retail businesses are some of the largest holders of valuable customer data. With everything from credit card numbers to personally identifiable data and behavior insights, retailers are legally responsible for safeguarding this highly sensitive personal data. So unsurprisingly the penalty for not putting sufficient protocols in place to protect data privacy is high.

The UK’s far-reaching GDPR imposes fines of up to £20m (about $28m or €23.5m) or 4% of annual revenue for each data breach. While GDPR is a UK law, its policies apply to any company doing business with EU citizens. When it comes to global retail, that’s a lot of companies.

Irreparable damage to reputations and relationships

Shoppers take their trust in who they buy from seriously. 22% of customers will stop buying from a business after it has been attacked, and 67% admit that they trust a company less after a data breach.

As well as this, global communications firm Edelman found that protecting customer privacy and data was ranked the 6th most important factor in trusting a business.

So it’s hard to decide what’s more unnerving for retail and ecommerce businesses: their disproportionate share of cyber attacks or the irrevocable damage that occurs when things go wrong.

Permanent cracks in your supply chain

When your company isn’t DMARC compliant, it’s not just your business and brand at risk. Your customers, employees, suppliers and stakeholders are too. After all, these are the people who’ll be receiving malicious phishing emails in your name.

The responsibility to protect employees, customers and business partners is shared by all retailers, and it’s vital that they put the measures in place not just to cover their reputation, but also to protect those within their sphere of influence.

How retailers and eCommerce businesses can fight back

Different retailers will always have different priorities. Some consider their brand equity and relationships most important, while others believe their bottom line is the best indicator of their success.

But whatever a retail business considers most valuable, it’s clear that the overwhelming majority lack the security to protect this. While there are a number of different solutions for threats in the cybersecurity space, full DMARC configuration should be the retail sector’s first step for securing domains, brand reputations, supply chains and bottom lines from the cost of impersonation fraud. Security for your business is priceless.

With our free investigate tool you can check your DMARC setup today.

Check email DMARC setup

PUBLISHED BY

Sabrina Evans

3 Jun. 2021

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more