Data Breaches By Numbers: 3 Key Statistics Every SME in the Retail Industry Needs to Know

Posted 27/02/19

Retail SMEs are actually more vulnerable to a data breach than any other business of any size, operating within any other industry.

Not convinced? Then have a read through some of the statistics below which demonstrate just how at-risk retail SMEs are of becoming victims of a breach.

43% of cyber attacks target small businesses (SmallBizTrends)

Alarmingly, 43% of all cyber attacks target small businesses - not individuals or big brands, but SMEs. The numbers show that small businesses are not only at risk of attack, but have already been attacked - 55 percent of respondents also said that their companies have experienced a cyber attack in the past 12 months.

When it comes to cyber crime, size matters. It can be far too easy to bury your head in the sand and assume that hackers and cyber criminals have ‘bigger fish to fry’. This is a dangerous way of thinking.

In fact, as an SME, you are the most vulnerable size of business to an attack or breach. Often, large retailers will have far more security measures in place than an SME and so these criminals will focus their attention on businesses that they view as being weak and vulnerable in terms of cyber security.

The retail sector suffers more breach incidents than any other industry (16.7%)

According to Trustwave’s 2018 global security report, the retail sector sees more incidents of data breaches and cyber criminal activity than any other industry. This report is based on the analysis of billions of security events worldwide, and clearly indicates that being an SME in the retail industry puts you significantly at risk of suffering a data breach.

The average cost of the worst breach is £65,000 - £115,000

In other words, a breach is expensive. This figure cited by the UK government accounts for the following:

  • Financial losses from disruption to trading (10-days disruption)
  • Losing business from bad publicity and reputational damage
  • The cost of cleaning up and replacing affected systems
  • The cost of fines if personal data is lost or compromised
  • Damage to other companies you are connected to.

It’s worth noting the potential impact of the GDPR changes to SMEs in the context of data breaches and fines. The above estimation was published by the government before the new General Data Protection Regulations went live. The Information Commissioner's Office (ICO) is paying particular attention to breaches in the retail industry, and has already made it very clear that it will not discriminate with fines and penalties depending on the size of business. This therefore makes it much more likely that an SME could be forced to cease trading as the result of a breach and fine.

What is it that makes SME retailers so at risk?

If you’re trying to find out more about where your vulnerabilities may lie, then there’s a whole host of factors that come into play. We have laid out just some of these factors that are very applicable to SME retailers below:

1. Your size

If the hotel systems were to suffer from a virus, a hacking incident or an inside error, this could cause booking systems, the front desk check-in systems, room keys and till points to become compromised. This would prevent business operations from being carried out as normal and the hotel would need to account for the costs of both resecuring and fixing these systems. When you consider consumer spend at UK hotels and restaurants alone is over £230,000 every minute (Statista), the potential losses are significant.

2. The nature of retail as an industry

By the very nature of their business, retailers capture a lot of data. This includes email addresses, postal addresses, phone numbers, card details and more key information that is extremely valuable to criminals (both online and offline). All of this data is harvested at different touch points too - which can complicate things further. For example, you may capture data on social media, in-store, via your website or email, or using third-parties such as marketplaces or integrations (such as PayPal and SagePay). Ultimately, the more ‘touch points’ you have when collecting data, the more vulnerable you are.

3. Human error, employee theft and BYOD

It’s all too easy to assume that the risk of a data breach is always non-physical. However, it’s important not to forget the human element of risk. For example, employees can either intentionally or accidentally leak data or passwords, leaving your business vulnerable. The increased prevalence of ‘Bring Your Own Device’ (BYOD) has also worsened the problem. If your business allows employees to use their own devices for work purposes, then any time they leave their device unattended, or misplace or lose it, your data and that of your customers is at risk.

The Most Common Threats to Data include:

  • Fraudulent e-mails (72%)
  • Viruses, spyware and malware (33%)
  • People impersonating the business in e-mails or online (phishing) (27%)
  • Ransomware (17%)

Almost all of the above will involve fooling an employee, from clicking a malicious link within an email or downloading a dangerous attachment, to being fooled into handing over sensitive information in direct response to one of these emails.


Cyber Security / Data Breach Insurance for Retail SMEs

Based on the above, you may want to start thinking about whether you have the right insurances in place to cover the potential losses and damages caused by a breach. Making changes to your online and offline data storage to improve security can take months and months to put in place. Cyber insurance, on the other hand, can be put in place on the same day. Get in touch with our team of experts today to discuss how to insure your retail business against cyber threats.
