From promotions and loyalty points to invoices and tracking, email underpins the vital network of communication between shopper and seller. And it isn’t going anywhere.
More than 300 billion emails were sent every day in 2020, and this is set to grow by an impressive 76 billion in coming years. So surely the players in the retail industry – worth $25 trillion dollars – are doing everything possible to keep this channel secure?
Think again. As of March 2021, only 6% were fully protected against domain impersonation (i.e. fully DMARC compliant).
This means they are highly vulnerable to email impersonation and all the threats that come with it, such as business email compromise (BEC) and phishing attacks. These can result in the loss of capital, consumer trust, brand equity, and much more.
Below, we’ve totaled up what retail businesses, online stores, and ecommerce sites may have to pay if they don’t secure their domains and improve their cybersecurity posture.
$30 billion retail funds lost to cyber attackers year on year
No business is fully immune to the threats of cybercrime. But unfortunately for retail businesses, their handling of personal and sensitive data makes them particularly susceptible to impersonation attacks.
Most worryingly, almost a quarter of all cyber attacks are aimed at retailers and this is costing the industry more than $30 billion every year. This mammoth sum is likely made up of ransom demands, money lost to fake invoices, loss of retail sales due to damaged consumer trust, and even fines.
$28 million penalties for insufficient data safeguarding
Retail businesses are some of the largest holders of valuable customer data. With everything from credit card numbers to personally identifiable data and behavior insights, retailers are legally responsible for safeguarding this highly sensitive personal data. So unsurprisingly the penalty for not putting sufficient protocols in place to protect data privacy is high.
The UK’s far-reaching GDPR imposes fines of up to £20m (about $28m or €23.5m) or 4% of annual revenue for each data breach. While GDPR is a UK law, its policies apply to any company doing business with EU citizens. When it comes to global retail, that’s a lot of companies.
Irreparable damage to reputations and relationships
Shoppers take their trust in who they buy from seriously. 22% of customers will stop buying from a business after it has been attacked, and 67% admit that they trust a company less after a data breach.
As well as this, global communications firm Edelman found that protecting customer privacy and data was ranked the 6th most important factor in trusting a business.
So it’s hard to decide what’s more unnerving for retail and ecommerce businesses: their disproportionate share of cyber attacks or the irrevocable damage that occurs when things go wrong.
Permanent cracks in your supply chain
When your company isn’t DMARC compliant, it’s not just your business and brand at risk. Your customers, employees, suppliers and stakeholders are too. After all, these are the people who’ll be receiving malicious phishing emails in your name.
The responsibility to protect employees, customers and business partners is shared by all retailers, and it’s vital that they put the measures in place not just to cover their reputation, but also to protect those within their sphere of influence.
How retailers and ecommerce businesses can fight back
Different retailers will always have different priorities. Some consider their brand equity and relationships most important, while others believe their bottom line is the best indicator of their success.
But whatever a retail business considers most valuable, it’s clear that the overwhelming majority lack the security to protect this. While there are a number of different solutions for threats in the cybersecurity space, full DMARC configuration should be the retail sector’s first step for securing domains, brand reputations, supply chains and bottom lines from the cost of impersonation fraud. Security for your business is priceless.
Want to start protecting your domain from impersonation today?
