The Hefty Price Tag for Email Insecurity in Retail

From promotions and loyalty points to invoices and tracking, email underpins the vital network of communication between shopper and seller. And it isn’t going anywhere.

More than 300 billion emails were sent every day in 2020, and this is set to grow by an impressive 76 billion in the coming years. So surely the players in the retail industry – worth $25 trillion dollars – are doing everything possible to keep this channel secure?

Think again. As of March 2021, only 6% were fully protected against domain impersonation (i.e. fully DMARC compliant).

This means they are highly vulnerable to email impersonation and all the threats that come with it, such as business email compromise (BEC) and phishing attacks. These can result in the loss of capital, consumer trust, brand equity, and much more.

Below, we’ve totaled up what retail businesses, online stores, and eCommerce sites may have to pay if they don’t secure their domains and improve their cybersecurity posture.

$30 billion retail funds lost to cyber attackers year on year

No business is fully immune to the threats of cybercrime. But unfortunately for retail businesses, their handling of personal and sensitive data makes them particularly susceptible to impersonation attacks.

Most worryingly, almost a quarter of all cyber attacks are aimed at retailers and this is costing the industry more than $30 billion every year. This mammoth sum is likely made up of ransom demands, money lost to fake invoices, loss of retail sales due to damaged consumer trust, and even fines.

$28 million penalties for insufficient data safeguarding

Retail businesses are some of the largest holders of valuable customer data. With everything from credit card numbers to personally identifiable data and behavior insights, retailers are legally responsible for safeguarding this highly sensitive personal data. So unsurprisingly the penalty for not putting sufficient protocols in place to protect data privacy is high.

The UK’s far-reaching GDPR imposes fines of up to £20m (about $28m or €23.5m) or 4% of annual revenue for each data breach. While GDPR is a UK law, its policies apply to any company doing business with EU citizens. When it comes to global retail, that’s a lot of companies.

Irreparable damage to reputations and relationships

Shoppers take their trust in who they buy from seriously. 22% of customers will stop buying from a business after it has been attacked, and 67% admit that they trust a company less after a data breach.

As well as this, global communications firm Edelman found that protecting customer privacy and data was ranked the 6th most important factor in trusting a business.

So it’s hard to decide what’s more unnerving for retail and ecommerce businesses: their disproportionate share of cyber attacks or the irrevocable damage that occurs when things go wrong.

Permanent cracks in your supply chain

When your company isn’t DMARC compliant, it’s not just your business and brand at risk. Your customers, employees, suppliers and stakeholders are too. After all, these are the people who’ll be receiving malicious phishing emails in your name.

The responsibility to protect employees, customers and business partners is shared by all retailers, and it’s vital that they put the measures in place not just to cover their reputation, but also to protect those within their sphere of influence.

How retailers and eCommerce businesses can fight back

Different retailers will always have different priorities. Some consider their brand equity and relationships most important, while others believe their bottom line is the best indicator of their success.

But whatever a retail business considers most valuable, it’s clear that the overwhelming majority lack the security to protect this. While there are a number of different solutions for threats in the cybersecurity space, full DMARC configuration should be the retail sector’s first step for securing domains, brand reputations, supply chains and bottom lines from the cost of impersonation fraud. Security for your business is priceless.

With our free investigate tool you can check your DMARC setup today.

Check email DMARC setup

PUBLISHED BY

Sabrina Evans

3 Jun. 2021

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more
Certificates

How to build an inventory of certificates for PCI DSS 4.0 Requirement…

Rebecca Warren

We talk to organizations daily that are preparing for PCI DSS 4.0 requirements. March 31, 2025 marks the end of the transition period, and on this date, businesses must be fully compliant with PCI DSS v4.0.1.  One of the ways PCI 4.0.1 varies from PCI 3.2 is an updated Requirement 4, which covers encrypting…

Read more
DMARC

Getting started with the OnDMARC API

Nadim Lahoud

The OnDMARC API is great for performing bulk or repetitive tasks that need to be performed quickly, often and without error – and you don’t need to be a developer or even know how to code to use it. Here, I will walk you through how to perform the common task of updating the…

Read more