The last 18 months have seen an explosion in ecommerce as shoppers moved online in the face of lockdowns and restrictions.

With an estimated 2.14 billion people worldwide now buying online in 2021, the retail sector will continue to be increasingly attractive for cyber attackers looking to steal personally identifiable information, money, and goods. Although retailers can and should take all possible preventative measures, it’s no longer a case of if a retailer will be breached, it’s when.

Given this, it’s critical for retailers to establish trust and build “forgivability” with their customers to protect their brand (and bottom line) in the long term in the event of a breach. Forgivability is centred around establishing a trusting relationship with customers so they understand that important measures are in place to prevent cyber attacks and resolve it quickly if one occurs.

While consumers generally understand that the digital world comes with a certain amount of risk, the question is usually whether the brand they’ve chosen to trust is doing everything it can to protect their information. There are three important steps retailers must take to protect their brands against cyber attacks and build forgivability with customers.

1. Tighten up security infrastructure

Customers are much more likely to forgive a breach if they know a retailer had every measure in place to prevent it. Strong enterprise security requires multiple layers to confirm your customer’s information is safe across all channels including mobile devices. Retailers must invest in more than just meeting the basic standards. If an attack does occur, they should be transparent with customers about how it happened and the measures they’re taking to mitigate future risk.

2. Don’t leave your employees behind

It’s important for a retailer’s entire team to understand the importance of cybersecurity – to customers, the business’s reputation, and its financial wellbeing. Cybersecurity should be a priority for every employee and each should understand the importance of protecting customers’ data and the steps needed to enable strong enterprise security. Security culture is a team effort – it cannot rest solely on an IT department.

Retailers should explore getting employees engaged and implementing a solid cybersecurity training program so they develop a high security IQ and are investing in defending against attacks.

Employees are one of the most important parts of a company’s security equation. They are the firewall against a number of common cyberattacks including phishing and social engineering. A good security program isn’t just a pile of stacked security technology, it’s a trained team that is constantly vigilant and ready for the next threat.

3. Help customers to do their part

Keep an open line of communication with customers to educate them on cybersecurity risks and the steps they can take to protect themselves. This includes things like the importance of using unique passwords and the risks posed by phishing scams. Educating customers on the importance of picking strong, unique passwords cuts down on risk and also helps build forgivability if a breach does occur.

Retailers should send regular reminders to their customers so that they understand the retailer cares about its customers’ privacy and give them tips and tools to protect themselves. Educating customers builds knowledge and understanding, and therefore forgivability.

For every brand, forgivability will look different. It’s a mix of communication, transparency and tough love to establish trust. Forgivability is earned when customers understand security is always a retailer’s top priority and that they are constantly working to protect personal information and improve security measures. Cyber attacks will continue to happen, but most often it is the response to an incident that consumers remember in the long-term.

Dan Holden is vice president of cyber security at BigCommerce.