“DEAR CUSTOMERS, WE MISS YOUR FEELINGS! We are happy to be able to receive your orders again. This message posted on Jules’ website follows a cyberattack that notably blocked the men’s ready-to-wear brand’s e-commerce activity. Or let’s cite the unfortunate example of Camaïeu, also the victim of an attack a few days before sales…
Their case is not isolated. According to the Prestashop Million Club study carried out among its e-merchants, almost one in two merchants (46%) has been the victim of a cyber attack since the beginning of their activity. A number that drops a little, to 41%, if we focus on France.
Malicious bots, DDoS attacks and SQL injections are the top three cyber attacks that retailers have experienced.
Methods for taking control of retailers’ information systems are diverse, but mostly come from malicious bots (43%), DDoS attacks (33%) and SQL injections (30%). Few French merchants fell victim to multiple attacks. They are in fact only 14% to deplore more than 3 types of attacks since the beginning of their activity.
Mainly counterattacked attacks…
Retailers, however, are very sensitive to the issue and, in general, the attacks remain fought. In fact, 86% of these attacks are resolved in less than a day, including 20% within the next hour. For 51% of them, this speed of execution is due to the intervention of an external service provider. In France, the numbers follow the world average with 90% of attacks resolved in less than a day, including 27% in the next hour. The intervention of an external service provider was also the solution for more than one in two French e-merchants (53%).
Only 2% of merchants worldwide and 3% of French traders faced a significant financial impact after a cyberattack.
Only 2% of traders globally and 3% of French traders had a significant financial impact (10/10) compared to 78% globally and 83% in France who rate their financial loss as “minimal” (less than 3/10) . In terms of responding to cyberattacks, only 3% of merchants worldwide have paid a ransom and 10% have filed a complaint. As a reminder, all government agencies in all countries like ANSSI (National Information Systems Security Agency) recommend never paying ransom so as not to encourage cyber attacks.
…but getting in the way of business
Despite everything, these attacks still have an impact on the activity of e-merchants, namely in terms of unavailability of services, the first consequence for 67% of respondents worldwide and 60% of respondents in France. On the other hand, the study reveals that, all countries together, few of them have suffered data theft (14%) or customer embezzlement (10%).
“In addition to the aspect of responsibility for personal data, a service interruption associated with a malicious attack can cause damage of several tens of thousands of euros, not to mention the harmful effects on our company’s reputation.believes Grégory Pairin, co-founder of Ocarat.com, an online jewelry store. We are now forced to look very carefully at the security of our infrastructure, especially as the number of break-in attempts is increasing from one year to the next. 🇧🇷
A resource problem
Cybersecurity is considered an important issue for e-merchants. 90% of respondents consider this issue a high priority, even an absolute and short-term priority for 55% of them.
69% of respondents are considering outsourcing their cybersecurity management
This awareness is concretely translated into investments for companies, namely in terms of resources. And the trend is to outsource. Thus, approximately 7 out of 10 e-merchants worldwide (69%) plan to outsource their cybersecurity management. Neither recruiting (91%) nor finding the right service provider (74%) is perceived as an issue by the e-merchants surveyed. The problem is quite internal; respondents highlighting the lack of time (59%) followed by the lack of knowledge (54%).
The lack of budget is not an obstacle for 65% of them and for Sébastien Colombier, executive president of As de Carreau, “The cost argument is irrelevant when you think about how much inaction can cost. And the financial impact is not the only consequence to be taken into account, but what it costs in terms of image following a cyberattack. 🇧🇷
Listen to Républik IT le Media’s podcast Good IT Practices – What to do or not to do when you are the victim of a cyberattack? 🇧🇷