Valuable data held by fashion retailers has attracted a record number of cyberattacks in the industry.
According to the Identity Theft Resource Centre, 2023 saw a 72% increase in data breaches compared to 2021, which previously had the highest number of recorded incidences. This amounted to 3,122 breaches in total with almost 350m victims.
Each data breach cost an average of $4.45m in 2023, according to IBM, bringing the estimated cost of data breaches over the year to $13.89bn.
Retail is becoming increasingly digitalised, with technology now integrated into operations across the value chain, from manufacturing processes to point of sale (POS) systems. While digital solutions often streamline retail processes, they also present security risks, and cyberattacks – which often result in data breaches becoming increasingly common.
Fashion’s appeal: data
The fashion sector is particularly vulnerable, as retailers there hold a trove of personal and financial information about customers. In December 2023, VF Corporation (which owns Timberland, Dickie, North Face, Vans and more) suffered an attack that saw the personal identifiable information (PII) of 35.5m customers compromised.
The company activated its incident response plan and shut down systems, causing disruption to operations globally. The attack was claimed by the ALPHV/BlackCat ransomware group, and VF Corporation continued to suffer “minor residual impacts” for a month afterwards.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe VF Corporation breach is far from the only example. In March 2023, fashion retailer Forever21 suffered a data breach which exposed the PII of approximately 539,000 individuals. More recently, US denim brand Levi’s experienced a data breach on 13 June, and footwear retailer Shoe Zone was hit by a cyberattack last week.
According to GlobalData’s Cybersecurity in Retail and Apparel report, cybersecurity concerns are exacerbated by the quality of data held by retailers.
“Retailers are high-profile and contain a goldmine of consumers’ personal and financial information. This makes them an attractive target for hackers,” it reads.
GlobalData principal analyst David Bicknell added that, “with the levels of customer data they hold, retailers are prime targets for cyberattacks. The December 2023 ransomware attack on VF demonstrated the financial impact that is a consequence of cyberattacks, as well as the potential reputational fallout that comes from having to shut down operations.”
Password company NordPass reported that almost 730 retail companies globally suffered data leaks between 2019 and September 2023. The impacts can be far-reaching, both causing financial damage through unfulfilled orders, system downtime or ransoms, and knocking customer trust and retention through reputational damage.
This damage was particularly evident after a cyberattack on sports retailer JD Sports, which saw the personal and financial data of 10m customers exposed in January 2023. Information included customer names, delivery and billing addresses, email addresses, phone numbers and the last four digits of payment cards for customers who placed orders between November 2018 and October 2020.
Following the breach, the Retail Trust Index claimed that only 16% of consumers said they trusted JD Sports.
Cyberattacks damage consumer trust in retailers
GlobalData’s report considers the importance of trust in customer retention, noting: “The increased cost of living has caused shoppers to be pickier in how they spend their money … Shoppers have become more cost-sensitive, spending more time searching for the best deals, both in-person and online, and prioritising lower prices over brand loyalty. Retailers can no longer rely on repeat business and must work much harder to satisfy shoppers.”
Investment in technology is one way in which retailers can enhance their offering to consumers, and the report highlights John Lewis, H&M and Bershka as three brands leading in digitalising apparel, expanding their propositions through virtual try-on features.
It also offers the example of Marks & Spencer’s List&Go app, which uses augmented reality to guide customers around stores according to the items on their in-app shopping list.
However, these advancements are intrinsically risky, particularly in a sector already appealing to bad actors. It’s a growing concern, and GlobalData’s Q1 2024 Tech Sentiment Polls found that 74% of respondents already considered cybersecurity to be disrupting their industry or believed it would do so in the next year.
This concern is reflected in spending predictions too. PwC’s 2024 Global Digital Trust Insights report predicts that cyber investments will account for 14% of the total IT, operational technology and automation budget across businesses in 2024, up from 11% in 2023.
Bicknell commented that “as most organisations confronting cyberattacks know by now, success isn’t measured by whether the organisation has suffered an attack, because most are under continual attack, but how resilient they are to those attacks.”
The primary risks are from distributed denial of service, supply chain and ransomware attacks, with POS systems particularly vulnerable to the latter. Palo Alto Networks’ 2021 statistics reported that POS malware attacks accounted for 65% of data breaches.
Considering relationships with consumers, GlobalData’s report concludes: “With more customers shopping online than ever before, retailers must make the online experience frictionless to retain shoppers without compromising security. Companies must implement additional authentication methods while ensuring the shopping experience is as smooth as possible to prevent online cart abandonment.”