Cyber-attacks present an ongoing threat as malware becomes more sophisticated and easier to access.
With remote working and increasingly complex supply chains, criminals are finding more routes to infect and disable IT systems.
Luxury brands can be seen as a prime target for cyber criminals because of the sensitivity of their customer and corporate data – and the risk to their reputation if such data were to be compromised.
In our recent webinar, we looked at the changing cyber risk landscape, how it is affecting the luxury brands sector and what brands can do to protect themselves.
How are luxury brands at risk from cyber threats?
Luxury brands invariably collect large amounts of personal data as part of providing a tailored experience for customers.
In view of the industry sector, it can be expected that a significant quantity of this information belongs to high net worth individuals (HNWIs) who may be sensitive about who has access to their data.
For this reason, such data holds a particular cache for criminals.
Not surprisingly, luxury brands are keen to avoid the reputational damage associated with a data breach. This makes the sector a particularly attractive target for ransomware attacks.
This is because criminals believe brands are more likely to pay ransoms rather than risk damaging their existing and future customer relationships were the data leaked into the public domain.
The consequences of such attacks can be far-reaching.
Disruption to production and distribution
Many luxury brands are manufacturers and logistics operators as well as retailers, which presents its own challenges from a cyber threat perspective.
Specifically, if a cyber-attack corrupts their information technology (IT) and/or operational technology (OT), this could lead to lost productivity at the factories, with knock-on disruption to logistics and failure to meet customer orders.
These impacts could lead to significant business interruption costs.
Data privacy breaches, fines and prosecutions
The collection and/or processing of personal data potentially exposes organizations to a raft of regulatory regimes, such as GDPR in Europe.
Such legislation can place more obligations on businesses to protect the personal data of customers and employees.
Breaching those obligations may result in fines as well as, legal costs and potentially further reputational damage.
Supply chain cyber risks
Luxury brands are also exposed to cyber risks through their supply chain in two distinct ways.
First, a partner who is relied upon for the production or distribution of goods will have their own cyber risk to contend with. Any interruption to their IT/OT could have adverse consequences for the brand.
Second, is the risk associated with connectivity of networks.
For example, even if the brand’s internal IT controls are robust, malware can migrate through systems that are linked or shared with a supplier if the supplier’s controls are exploited.
Why are ransomware attacks on the rise?
There are several possible factors behind the increase in ransomware attacks around the world:
- Changes in working habits: with more people working remotely and using personal devices for work, criminals may see an opportunity to exploit human vulnerabilities and weak links in systems.
- Low risk of prosecution: cyber criminals may feel they can get away with it. They often operate from jurisdictions where, even if identified, they cannot be prosecuted by law enforcement agencies from the targeted countries.
- Easy to launch: malware is becoming easier to develop and more accessible. Criminals can find ready-made malware on the dark web.
How to reduce your cyber risks
Your organization may wish to consider the following four-phase strategy to mitigate cyber risks and minimize the impact of an attack:
