Protecting Your Retail Business from Cyber Threats

In light of the recent M&S cyberattacks and the rise in high-profile breaches among UK retailers over the past few months, the retail industry is on high alert. At TMD, we recognise the critical importance of cyber resilience for businesses across the retail sector — from local independent businesses to national chains.

Through our membership with Willis Towers Watson Networks, we have detailed below some essential steps your business can implement to minimise cyber risk, effectively respond to attacks, and ensure that your insurance provides sufficient protection.
 
How Likely Is a Cyberattack — and Can You Prevent It?
Unfortunately, cyberattacks are no longer a matter of “if”, but “when”. While you may not be able to prevent all attacks, the National Cyber Security Centre (NCSC) offers best practices to reduce exposure:

  • Enable Multi-Factor Authentication (MFA): Adds a critical layer of protection against unauthorised access.
  • Improve Monitoring: Watch for irregular login behaviour, especially for admin accounts.
  • Verify Helpdesk Password Resets: Train IT teams to properly verify identities — helpdesks are prime targets for phishing.
  • Review High-Privilege Users: Regularly audit access levels for admin accounts to prevent misuse.
  • Track Logins from Unusual Sources: Monitor access locations in real-time.
  • Revoke Active Sessions Periodically: Reduces long-term exposure from dormant logins.
  • Utilise Threat Intelligence Tools: Respond promptly to real-time alerts and suspicious activity. 

Having a plan in place is paramount to your business responding to an attack efficiently.
A cyber incident can cause major disruption. That’s why your business must have a robust and well-tested Incident Response Plan in place, covering definitions of a cyber incident, escalation and reporting protocols, containment and recovery strategies, communication plans for internal and external stakeholders, and post-incident reviews to improve future response. Cyberattack simulations and workshops can play a critical role in preparing key personnel and stress-testing your readiness.
 
Is Your Insurance Policy Fit for Purpose?
Many retailers are unaware of what their current policies actually cover. At TMD, we can help you review your existing cyber insurance to answer critical questions:
 
  • Does it cover ransomware, data breach liability, and business interruption?
  • Are there exclusions that might limit your cover and ability to claim?
  • Are limits of indemnity aligned with your potential exposure?
 
Cyber incidents can lead to significant costs, not just operationally, but also in terms of reputation and legal consequences. If your limits are too low or your policy outdated, now is the time to act.
 
“Don’t let underinsurance put your business at risk”
 
Inadequate cover can leave both your balance sheet and your board of directors exposed. Allegations of poor cyber risk management, especially if losses affect customers or shareholders, can result in directors being held personally liable.
 
Boards are encouraged to stress-test their cyber insurance programmes and risk controls to ensure they are defensible and effective.
 
We understand every business is different, and understanding your unique cyber risk profile is key.
 
At TMD, our business is your protection - we’ve been supporting businesses for over 50 years, and today, we help retailers navigate cyber challenges by providing advice, risk assessment tools, and tailored insurance solutions.
 



Need help reviewing your cyber insurance or developing a response plan?
 
📞 Call us on 01992 703 000
📧 Email: insurance@mcdonaghs.co.uk

 

Source: Teresa Long, Retail Practice Leader, Willis Limited

 
*Advertisement
TMD Insurance Group is a trading style of Tony McDonagh & Co Ltd which is authorised and regulated by the Financial Conduct Authority (FCA). FRN:307258