Font Size: A A A


Retail cyber toolkit

A Cyber Security Toolkit has been launched in London by the trade body the British Retail Consortium (BRC) and Home Office Minister Sarah Newton. The aims; to provide retailers with guidance so they have the appropriate preventative and response measures to reduce their vulnerabilities and to protect themselves and customers. The toolkit is available to download.

According to the document, online fraud and cyber-attacks now represent a ‘pervasive, potentially existential’ threat to UK retailers.

The BRC points out that retailers have seen online sales growing by around 10 to 15 per cent each year; and the parallel rise of ever more elaborate cyber-related crimes such as ‘doxing’, ‘whaling’ and ‘spoofing’ against retail businesses and online shoppers. Hence the toolkit. The BRC and members saw a need to keep pace with the evolving risks associated with operating online and to meet customer expectations around the protection of personal data.

The toolkit’s recommendations to retail businesses include: establishing cyber security as a board level issue, retail-specific information-sharing, completing a cyber security risk assessment, and creating an incident response plan. The toolkit also provides a guide to preparing, responding, recovering and reviewing attacks.

According to the BRC Annual Retail Crime Survey 2016, an estimated 53 per cent of reported fraud in the retail industry is cyber-enabled, which represents a total direct cost of around £100m.

Hugo Rosemont, police adviser on crime and security at the BRC, said: “The UK is one of the leading e-commerce markets in the world. The BRC Cyber Security Toolkit is designed to equip British retailers with the know-how, guidance and practical support that will help the industry stay ahead of the ever evolving threats posed by cyber-related criminality. All parts of the retail industry have a large and growing stake in keeping customers safe and secure, and the industry is committed to ensuring the strongest possible measures are in place – all the way through from prevention to incident response.”

In a foreword, the BRC chief exec Helen Dickinson, pictured, said: “Cyber security is not a matter that can be addressed by the IT security department alone, nor is there a ‘magic bullet’ for achieving digital resilience.” She described the guide as practical and step-by-step, for all parts of retail that have a large and growing stake in doing cyber security.

About the Toolkit

For the 44-page document visit

It was developed under the auspices of the BRC’s Fraud and Cyber Security Member Group. The BRC ran a Cyber Security Incident Management event with risk firm Aon in October 2016.

For the BRC Annual Retail Crime Survey 2016 visit:


Related News