The Australian retail industry has undeniably been one of the most devastated by the dynamic impacts of the COVID-19 pandemic. The industry experienced an initial boom when many consumers redirected spending, from pre-COVID luxuries such as leisure travel to retail goods.

At that point there was clear investment in technology and innovation, which kept retailers above water. But Australia’s recent lockdowns have left the industry in a state of unpredictability.

While not every potential threat or disruption can be predicted, the pandemic has revealed a multitude of new and different risks that retailers can prepare for now. However, one looms large: cyber-physical risks.

People, process, technology

People are at the core of the retail business model. They staff the stores, manage the warehouses, and shop both online and in person. So when a cyber threat spills into the physical world, retailers are especially vulnerable. They must mitigate the cyber attack—which is often difficult for many retailers to counteract—while protecting their people, customers, locations, and assets.

The task has become particularly challenging given two recent trends:

  • a steep increase in cyber attacks in the last 18-plus months
  • a rise in the number of attacks that affect both the physical and cyber domains.

And the retail industry has been hit hard. In fact, it is one of the top five industries to be impacted by cyber crime in 2020.

As consumer online buying continues to grow, we can expect retailers to be even more exposed. They hold in their hands a wealth of customer data, such as stored credit card numbers, that is at risk every time a customer logs onto a company’s site. And in this era of personalisation, retailers are collecting more details about their customers—creating a large database that is an attractive target for cyber criminals.

The flip side of that are the ways in which in-store shopping creates risks in the cyber domain. For example, when stores use point of sale (POS) systems that are connected to the internet. Such Internet of Things (IoT) devices are ripe for attack; their increased use is one the main reasons for the rise in cyber-physical threats.

Mitigate risks with real-time information

Given what’s at stake, responding to risks in an ad-hoc manner is no longer sufficient. Employees, shareholders, customers, and other key stakeholders expect more. They want retail leaders to be on the “front foot” when managing a crisis and to hold themselves accountable accordingly.

Leading organisations have taken heed and, as a result, are better able to tightly control messaging and overcome potential issues in innovative ways—allowing them to differentiate themselves from their competitors and mitigate reputational risk.

Unfortunately, Australia is often seen as a soft touch by malicious actors. This calls for additional investments in security operations—for both cyber and physical—including employee upskilling. And it calls for real-time information.

At Dataminr, and as the leading provider of real-time event and risk detection, we’ve witnessed the power of real-time information. Many of our retail customers use the real-time information they receive to quickly identify potential risks as they emerge, understand the context of those risks, and make informed business decisions. For example, some customers use our real-time alerts to reroute shipments or change suppliers in response to country border closures.

There’s no doubt that cyber-physical risks are here to stay and as such have earned a top spot on the agendas of boards and C-level executives. Retailers must adjust accordingly and ensure they have the protections in place to safeguard their people, customers, and assets.

Helen Sutton is senior vice president for EMEA and APAC sales at Dataminr.