Skip to main content
main content, press tab to continue
Report

How luxury brands can mitigate the impact of cyber risks

March 1, 2023

Luxury brands can be seen as a prime target for cyber criminals because of the sensitivity of their customer and corporate data – and the risk to their reputation if such data were to be compromised.
N/A

Cyber-attacks present an ongoing threat as malware becomes more sophisticated and easier to access.

With remote working and increasingly complex supply chains, criminals are finding more routes to infect and disable IT systems.

Luxury brands can be seen as a prime target for cyber criminals because of the sensitivity of their customer and corporate data – and the risk to their reputation if such data were to be compromised.

In our recent webinar, we looked at the changing cyber risk landscape, how it is affecting the luxury brands sector and what brands can do to protect themselves.

How are luxury brands at risk from cyber threats?

Luxury brands invariably collect large amounts of personal data as part of providing a tailored experience for customers.

In view of the industry sector, it can be expected that a significant quantity of this information belongs to high net worth individuals (HNWIs) who may be sensitive about who has access to their data.

For this reason, such data holds a particular cache for criminals.

Not surprisingly, luxury brands are keen to avoid the reputational damage associated with a data breach. This makes the sector a particularly attractive target for ransomware attacks.

This is because criminals believe brands are more likely to pay ransoms rather than risk damaging their existing and future customer relationships were the data leaked into the public domain.

The consequences of such attacks can be far-reaching.

Disruption to production and distribution

Many luxury brands are manufacturers and logistics operators as well as retailers, which presents its own challenges from a cyber threat perspective.

Specifically, if a cyber-attack corrupts their information technology (IT) and/or operational technology (OT), this could lead to lost productivity at the factories, with knock-on disruption to logistics and failure to meet customer orders.

These impacts could lead to significant business interruption costs.

Data privacy breaches, fines and prosecutions

The collection and/or processing of personal data potentially exposes organizations to a raft of regulatory regimes, such as GDPR in Europe.

Such legislation can place more obligations on businesses to protect the personal data of customers and employees.

Breaching those obligations may result in fines as well as, legal costs and potentially further reputational damage.

Supply chain cyber risks

Luxury brands are also exposed to cyber risks through their supply chain in two distinct ways.

First, a partner who is relied upon for the production or distribution of goods will have their own cyber risk to contend with. Any interruption to their IT/OT could have adverse consequences for the brand.

Second, is the risk associated with connectivity of networks.

For example, even if the brand’s internal IT controls are robust, malware can migrate through systems that are linked or shared with a supplier if the supplier’s controls are exploited.

Why are ransomware attacks on the rise?

There are several possible factors behind the increase in ransomware attacks around the world:

  • Changes in working habits: with more people working remotely and using personal devices for work, criminals may see an opportunity to exploit human vulnerabilities and weak links in systems.
  • Low risk of prosecution: cyber criminals may feel they can get away with it. They often operate from jurisdictions where, even if identified, they cannot be prosecuted by law enforcement agencies from the targeted countries.
  • Easy to launch: malware is becoming easier to develop and more accessible. Criminals can find ready-made malware on the dark web.

How to reduce your cyber risks

Your organization may wish to consider the following four-phase strategy to mitigate cyber risks and minimize the impact of an attack:

  1. 01

    Identify critical assets

    Categorize and document the most important assets in your organization that could be affected by a cyber-attack. This might include:

    • Data assets, such as sensitive personal data, confidential business information, customer data records and contracts.
    • Software assets, such as manufacturing or warehouse management systems.
    • Services, such as internet service providers (ISPs) and utility providers.
  2. 02

    Assess your controls

    Ask what cyber security controls you have in place and whether they are robust enough? Approaches you can consider include:

    • A gap analysis of your security controls linked to the cyber risks you face as a business.
    • Penetration (PEN) testing, vulnerability scanning or an audit of your controls by an external provider.
    • A strategy workshop or cyber risk review involving senior leaders and stakeholders.
  3. 03

    Develop a cyber-risk management strategy

    Once you know your critical assets and the current state of your controls, ask these questions to help make decisions on how to manage risks:

    • Can you tolerate the risk? If so, remember that risk does change over time, so monitor it regularly to make sure the level of risk is still acceptable.
    • Can you reduce the risk by implementing better procedures or controls?
    • Can you remove some risk by outsourcing an activity to an external provider? Remember, you will retain overall responsibility for what they do, so you may still be exposed.
    • Can you transfer the risk through cyber insurance?
  4. 04

    Review, test and manage

    Put controls and procedures in place to the test and review them to keep pace with latest threats.

    • Nominate owners responsible for managing cyber risks.
    • Run desktop exercises with key stakeholders, making sure to stress-test incident response and business continuity plans.
    • Test the effectiveness of your cyber defences and action any findings.
    • Hold regular planned reviews of cyber risks and threats.

Following our recent webinar, we have put together a report which covers some of the cyber cases involving luxury brands that have made the headlines recently, cyber security controls best practice, how cyber insurance can help and what’s happening in the cyber insurance market.

Download

Contacts


Global Head of Cyber Coverage & Innovation,
Cyber & TMT

Associate Director Private Equity

Retail Practice Leader - London

Contact us