Following on from our recent article regarding Cyber Monday and Black Friday, NTT Security has just conducted a survey to gauge consumer attitudes to ecommerce data breaches. Perhaps surprisingly, only 18% stated they would permanently stop using an online store that had been hacked, with a third suggesting they would continue regardless.

Whilst 18% sounds like quite a small number, putting it in context, that is a fifth of an ecommerce site's customer base wiped out. The costs of acquiring new customers to make up the shortfall (just to stand still), plus the costs of acquiring the original 18% in the first place, make the potential impact on a business huge.

What is also interesting is that the vast majority agree that transparency from the online site after a breach is essential. This underlines that it is not only the breach itself, but also how the breach is dealt with, that is highly significant in gaining and keeping loyal customers.

Consumers certainly seem to be growing in security awareness when online. More savvy, they are willing to take responsibility for their own security to some extent, but they are also more demanding of retailers and expect to see privacy and security policies displayed clearly on websites.

Of course, simply having a published policy is not enough, and whilst we may see a spike in targeted attacks due to seasonal trading, cyber attacks aren’t just for Christmas. In a connected, global economy, attack vectors and cyber threats are present 24 hours a day, every day of the year, so it’s crucial that online retailers get the basics right and combine them with a balanced, well-communicated approach to cybersecurity at all times.

Here are five top tips to help retailers mitigate cyber risks:

1. Understand your risk – conduct an annual risk insight to understand the current risk exposure and to keep the board engaged with cyber risk.

2. Secure configuration – keep hardware and software protections up to date. Stay on top of basic protection, and use multi-factor authentication (not just simple passwords) where possible.

3. Educate and train staff – so they know company policies and incident response processes.

4. Incident response – establish, produce, test and communicate incident management plans.

5. Monitoring – continuously monitor all systems to spot potential attacks and minimise risk.