10427 The Retailer Autumn 2018_Final Draft Pages
NEWS FROM THE BRC Trust in the future of cyber-retailing
James martin Crime and Security Adviser British Retail Consortium
communities, to create the conditions tomanage crime risks across a range of areas, including cyber-crime. We encourage all members to think carefully about who they would like to have signed up to the communities: it’s always better to err on the side of being signed up and not having used it much than to not have signed up andmiss something valuable. One thing we’re absolutely clear on is that cyber-security is not just, or evenmainly, an area for specialists. It must be woven throughout a company’s whole structure, from the very top down. The Board’s role can be a bit difficult to pin down, but the key requirements are well-established: to lead, to assure, to challenge appropriately and to facilitate progress. We’re looking at howwe can provide some guidance on best practice with our partners in Government, academia and beyond, building on our recentWebinar with partners CGI ( here ). But it is not only the executive leadership with a role to play. Cyber-security is a whole-organisation thing; as much a question of culture as technology. Everyone needs to play their part, operating with a proper understanding of cyber-hygiene and the threats poor habits can create, even to establishedmulti-national enterprises. One inadvertent slip-up can see £billions wiped from an organisation in a matter of days. A great, and free, place to go for advice is the National Cyber Security Centre, whose most recent Annual Review, describing their work (with a small BRC contribution) is here . There’s a lot of great material in there, but perhaps most interesting is the section on live incident management, including some material previously deemed too sensitive to publish. The Cyber-Security Toolkit we co-created with the NCSC is also a valuable primer on this area, and we stand ready to help build relationships between any of our members who would like us to and the NCSC, the NCA or others. There are also some really interesting free (tomembers) events in the next fewweeks on identitymanagement andAI, although spaces are filling up quickly. Thesewill explore thewider topics around using new techniques to drive customer value in a sustainableway, and further details in the BRC events calendar or website . the end of thismagazine. Ultimately, every retailer’s path to the future will be different, requiring unique trade-offs and balances to be considered and struck. Some things will, however, be constant, such as an increasing emphasis on using data intelligently and securely. As part of our core mission to support the industry to thrive, it’s a journey we at the BRCwant to help our members navigate successfully.
Much of the UK retail industry’s future will rely on IT. Sales are the most visible area, and there the change has been dramatic: BRC calculations show that in 2006 3% of shopping was online, today that figure is around 18%, despite there being no ‘one size fits all approach’. The revolution digital platforms have catalysed goes much deeper into the fabric of retail, reshaping distribution networks, business management and customer behaviour and expectations. We expect such radical change to continue. Increasingly, for example, ‘ordinary’ consumers (if there is such a thing anymore) are demanding and receiving personalisation of their experience, products and pricing which was previously only available to the very wealthy or well-connected. Such abilities will not be a ‘nice to have’ for long: in future they will be a necessity across the industry. To give an example of how far this has gone: reports from the US suggest that 70% of Nike’s e-commerce business is from orders for customised products. It is clear that the industry is not waiting for the future, it is busy building it. “The best way to predict the future is to invent it.” Nigel Calder, paraphrasing Nobel laureate Dennis Gabor In partnership with Aon, we recently held a live event on the Future of Crime, aimed at helping our members to understand and prepare now for future crime threats. A fuller write up can be found here, but one of the key points which came out is that customer data, and customer trust, are intangible commodities for a retailer of real value. It’s difficult to pinpoint exactly what will contribute to a retailer having high customer trust over data use, and so be able to use that to create a significant competitive advantage of others, and how that can be measured. But one area likely to be central is a demonstratable cyber-security capability. Unfortunately, a couple of trends will make it more difficult to be secure. First, as data becomes more valuable it becomes a more tempting target. Second, as retailers become more integrated with their supply chain partners, the ‘attack surface’, the opportunities for a retailer’s systems to be breached, becomes bigger, and the risk from weaknesses in legacy systems buried away in a supplier higher. Third, there appears to be a growing sophistication amongst hackers, who increasingly use sophisticated attacks tailored to a precise understanding of the potential victim, rather than deploying the same attack against many. We at the BRCwork hard, through our IT and Operations
the retailer | autumn 2018 | 7
Made with FlippingBook flipbook maker