
Taking the Full Measure of Retail, Wholesale, and Food and Beverage Cyber Risks

Posted by Susan Young 01 August 2019

The risks inherent in using and processing customers’ personal data are familiar territory for customer-facing businesses, including restaurants and retailers. Nearly 90% of retail, wholesale, and food and beverage respondents to the Excellence in Risk Management survey identified cyber-attacks as a significant concern.

There’s growing awareness that cyber risks for retail and farm-to-fork businesses go beyond data breach, and that the risk of business interruption from a cyber-attack or technology failure is increasing, with potential for significant economic damage. Widely used transformative technologies — including self-checkouts, mobile wallets, automated production and robotics, and online ordering and payment systems — can increase productivity and enhance the customer experience, but they also create more points of vulnerability and the potential for business interruption.

A cyber event or technology failure can disrupt operations, paralyse systems, and halt customer services, resulting in revenue loss, extra expense, and reputation damage:

  • A global snack food wholesaler experienced a disabling ransomware attack that paralysed its manufacturing capabilities for days, leading to millions in lost revenue.
  • A leading US retailer was left unable to complete customer orders following the failure of its fulfilment system, leading to significant revenue losses.

Although the economic impact could be extensive, many retailers and farm-to-fork companies don’t know how much a cyber-attack or technology failure could actually cost because they haven’t taken the critical step of quantifying their risk.

Economic Quantification is Key

Retailers and farm-to-fork companies often use qualitative methods to assess their cyber risk. For some, this includes vague descriptive methods like traffic light colours or low, medium, or high grading, which do not provide the actionable economic data necessary to drive sound cyber risk planning and investment decisions.

Protecting your organisation against an operational or technology disruption first requires an understanding of your risk exposures, including your technology footprint. Armed with that information, you can quantify the financial impact of such an event. Unless you know the economic cost of cyber risk, your organisation could be overspending on cybersecurity technology while underinvesting in areas such as insurance, training, and response planning that are crucial to building cyber resilience.

Risk quantification applies a range of potential economic scenarios to measure the value of specific risks, enabling organisations to: 

  • Express cyber risk in dollar terms, thus removing ambiguity and allowing for an apples-to-apples comparison to the cost of other organisational risks.
  • Provide a common language to describe the financial cost of cyber risk that can be used across the organisation, especially among those without technological expertise.
  • Make well-informed decisions about cyber capital allocation, including investments in cybersecurity technology. This insight is instrumental in determining insurance needs, including what type of coverage and limits to purchase.
  • Evaluate whether their cyber investments are having a meaningful impact in reducing their risks.

If you can’t measure it, you can’t manage it. With technology transforming the business and risk landscape for retail, wholesale, and food and beverage companies, the bottom line is that quantification of cyber risk will lead to better cyber risk management and greater cyber resilience.

Susan Young
