Case studies: cybersecurity in the apparel industry

In the following section, we present selected case studies highlighting the use of cybersecurity within the retail and apparel sector.

Tesco is taking cybersecurity risks seriously. In October 2021, its app and website went down for two days after a suspected cyberattack. The priority from then on was to retain the trust of consumers. Since the breach, the company is trying to measure the potential damage of a future cybersecurity hack. Tesco currently deals with over 1.3 million online orders each week. Its loyalty system (in the form of a ‘Clubcard’) is also another vulnerable area where customers share personal information. According to Tesco’s 2022 Annual Report, more than 20 million UK households have a Tesco Clubcard, nine million of which access theirs via a mobile app. This, coupled with an increase in online shoppers, makes it a particularly attractive target for cyberattacks. 

In May 2022, the supermarket chain revealed in its 2022 Annual Report that it had carried out a stress test measuring the impact of a data breach. The test calculated the revenue and reputational losses of such an event. In its 2022 Annual Report, Tesco stated that the volume and nature of the customer and supplier data that it holds could result in a serious data or security breach, which could result in a significant financial penalty being levied against the company, per the UK GDPR framework. In this test, management estimated that the fine would account for “2% of [Tesco Group] revenue”. It concluded that a data breach would negatively impact trading and result in a decline in customer sentiment. Tesco understands the importance of protecting customer data. Other retailers should follow suit—especially those who carry a high volume of sensitive consumer data with a high volume of online transactions. 

In 2019, QuikSilver and Billabong—subsidiaries of Boardriders—experienced a ransomware attack through their ecommerce platforms. It forced the company to shut down all IT systems. The attackers altered the retail websites to advertise 20% off items sold online and claimed that the company was experiencing shipping delays. Employees were banned from using computers until the whole IT infrastructure had been cleaned of malware. 

That same year, in the wake of the attack, the company employed DarkTrace’s Enterprise Immune System to detect potential ransomware attacks and cyber threats in its digital space. In 2022, the apparel company expanded its cybersecurity protection, adopting DarkTrace’s deep learning AI tool Antigena, which can detect threats in real-time. By incorporating AI tools into its security architecture, Boardriders can respond to cyber threats more quickly and in real time, which helps the retailer mitigate or prevent attacks on its IT systems. These automated systems also help internal security teams manage and protect the vast IT and OT systems used to cater to an increasingly online consumer base, with more operations going digital. 

These automated systems are another string to the bow for retailers like Boardriders who wish to add an extra layer of defense to their operations in the digital and ecommerce space. More retailers should adopt sophisticated systems from cyber security vendors. 

Mastercard is one of the latest companies to launch a biometric payment system. The system enables shoppers to pay at the checkout or in mobile apps simply by smiling or waving their hand in front of the camera using face-recognition technology. One of the claims made about biometric systems is that they are more secure than a credit or debit card.

Mastercard is working with partners including NEC, Payface, Aurus, PaybyFace, PopID, and Fujitsu Limited to launch the program, which will provide an overarching framework of minimum standards, specifications, and guidelines that address security, biometric performance level, and data protection in the context of in-store biometric payments. However, there are concerns over data storing when it comes to biometric systems. With this new rollout, retailers would have a large amount of sensitive, personal data from consumers. If a system is hacked, and biometric data is compromised, the risk of fraud is significantly higher and less easy to resolve. Passwords are simple to change. You cannot get a new smile or wave.