Cyber-attacks present an ongoing threat as malware becomes more sophisticated and easier to access.
With remote working and increasingly complex supply chains, criminals are finding more routes to infect and disable IT systems.
Luxury brands can be seen as a prime target for cyber criminals because of the sensitivity of their customer and corporate data – and the risk to their reputation if such data were to be compromised.
In our recent webinar, we looked at the changing cyber risk landscape, how it is affecting the luxury brands sector and what brands can do to protect themselves.
Luxury brands invariably collect large amounts of personal data as part of providing a tailored experience for customers.
In view of the industry sector, it can be expected that a significant quantity of this information belongs to high net worth individuals (HNWIs) who may be sensitive about who has access to their data.
For this reason, such data holds a particular cache for criminals.
Not surprisingly, luxury brands are keen to avoid the reputational damage associated with a data breach. This makes the sector a particularly attractive target for ransomware attacks.
This is because criminals believe brands are more likely to pay ransoms rather than risk damaging their existing and future customer relationships were the data leaked into the public domain.
The consequences of such attacks can be far-reaching.
Many luxury brands are manufacturers and logistics operators as well as retailers, which presents its own challenges from a cyber threat perspective.
Specifically, if a cyber-attack corrupts their information technology (IT) and/or operational technology (OT), this could lead to lost productivity at the factories, with knock-on disruption to logistics and failure to meet customer orders.
These impacts could lead to significant business interruption costs.
The collection and/or processing of personal data potentially exposes organizations to a raft of regulatory regimes, such as GDPR in Europe.
Such legislation can place more obligations on businesses to protect the personal data of customers and employees.
Breaching those obligations may result in fines as well as, legal costs and potentially further reputational damage.
Luxury brands are also exposed to cyber risks through their supply chain in two distinct ways.
First, a partner who is relied upon for the production or distribution of goods will have their own cyber risk to contend with. Any interruption to their IT/OT could have adverse consequences for the brand.
Second, is the risk associated with connectivity of networks.
For example, even if the brand’s internal IT controls are robust, malware can migrate through systems that are linked or shared with a supplier if the supplier’s controls are exploited.
There are several possible factors behind the increase in ransomware attacks around the world:
Your organization may wish to consider the following four-phase strategy to mitigate cyber risks and minimize the impact of an attack:
Categorize and document the most important assets in your organization that could be affected by a cyber-attack. This might include:
Ask what cyber security controls you have in place and whether they are robust enough? Approaches you can consider include:
Once you know your critical assets and the current state of your controls, ask these questions to help make decisions on how to manage risks:
Put controls and procedures in place to the test and review them to keep pace with latest threats.
Following our recent webinar, we have put together a report which covers some of the cyber cases involving luxury brands that have made the headlines recently, cyber security controls best practice, how cyber insurance can help and what’s happening in the cyber insurance market.
|How luxury brands can mitigate the impact of cyber risks