Cyber risk remains a very hot topic for all businesses, including the retail sector. It is a widespread issue for the retail industry: retailers are prime targets for hackers because of the amount of customer data they hold and the volume of credit card transactions they process.

Hackers are continually finding new ways into the IT infrastructure of retailers to steal data and threaten their financial and operational stability. Distributed Denial of Service (DDoS) attacks are becoming more powerful as the use of easily hacked internet of things devices increases.

Here is a cautionary tale from an online retail company that was the target of a DDoS attack.



The data centre which hosted the online retail company’s website became the target of a distributed denial of service attack. The attack, which utilized hacked internet of things devices, flooded the data centre’s network with so much traffic that the network failed. This made the online retail company’s website inaccessible for a period of six hours before backup systems were able to restore 100% functionality.

The online retail company had a cyber insurance policy and was able to recover the following costs:

  • Recovery Costs:
    – Increased cost of working required to get website functioning properly: $18,000
    – Costs to subcontract with external service provider: $23,000
  • Business Interruption:
    – Lost sales and revenue from website downtime: $142,500
  • Incident Response Expenses:
    – IT forensics firm: $22,000
    – Legal consultation fees: $15,000
    – Incident Response Manager fees: $6,000

Total Cost: $216,000

DDoS attacks are frequently used as a smokescreen for other attacks, like stealing data or implanting a virus or other malware. These attacks are stressful and expensive to navigate.

Three Tips to reduce your cyber risk

  1. Have a business continuity plan that ensures critical business applications, systems, and activities do not rely on one critical IT provider.
  2. Have quality standards in place that third party suppliers must meet to reduce supply chain attacks. According to a survey conducted in 2018 by the Ponemon Institute, 56% of organizations have had a breach that was caused by one of their vendors. Hackers will find the weakest link.
  3. Invest in a Cyber Liability policy. A cyber policy pays for the costs to fix the problem and the loss of profits from the system downtime. It gives you access to an incident response team to immediately respond to the attack and a team of consultants and lawyers to help deal with any data breach issues and potential damage to your reputation.

Speak to a CMX cyber risk specialist to find out how you can protect your business with cyber insurance.