
The Office of the Australian Information Commissioner (OAIC) has flagged troubling times for Australian retailers, declaring that in 2014-15 it received a 64% increase in voluntary data breach notifications from the previous year, totalling 110.

The Federal government also reported at the end of 2014 that the computer emergency response team (CERT) Australia, its point of contact for cyber security, responded to 11,073 cyber security incidents affecting Australian businesses including 8,100 compromised websites.

In the previous year, the cost of cyber crime in Australia totalled an estimated $1 billion.

Major brands such as David Jones, Kmart and Patagonia have reported data breaches this year, with hundreds of thousands of pieces of personal consumer information obtained by hackers.

Interestingly, both David Jones and Kmart had built their e-commerce platforms using IBM's WebSphere software, which has also thrown the issue of accountability into the tangled web.

David Jones and Kmart have refused to divulge further information on the incidents due to security reasons, while Patagonia has revealed that the matter resulted in major consequences for the brand, which was forced to shut down its website because of vulnerabilities.

Patagonia Australia and New Zealand general manager Dane O'Shanassy says that the company has taken extensive action to ensure the protection of its customers' private information.

“Upon becoming aware of the potential threat, Patagonia promptly engaged outside forensic experts to investigate the incident and to assist us in developing a better understanding of the situation.

“We have already taken steps to strengthen our website security and are continuing to design and implement enhanced security measures in order to prevent this type of incident from recurring.”

The company reveals that around 12,500 of its Australian and New Zealand-based customers may have had their registration details compromised, with 600 possibly at risk of having their payment card details accessed by the hackers.

Patagonia confirms that its social media platforms remained untouched throughout the incident.

As the risk of compromise increases, how worried should other Australian retailers be?

Deloitte's latest report Global Powers of Retailing 2015 suggests it's time to sound the alarm.

In line with data on revenue and trends in the e-commerce landscape, it has red-flagged cyber security as an increasing concern for Australian retailers.

“Cyber-crime is on the increase, and with most of the major cyber-breaches of 2013-14 in retail organisations, is a growing concern for our industry.

“Given the potential cost and reputation impact, no Australian retailer wants to be the first with a major publicised breach. With retailers transforming to embrace the digital world, the risk of successful attacks is growing.

“Security is a business issue, and security solutions must not only protect the business assets, they must enable the business to move faster, with more assurance, in the new world of digital retail.”

The report unveils staggering statistics about the implications of a data breach and could explain why the retailers who have been hacked are closing ranks on speaking publicly about the matter.

It details that, on average, hacking costs affected Australian companies a total of US$2.8 million.

It also suggests that businesses aren't acting quickly enough to detect and prevent cyber criminals from infiltrating their e-commerce systems.

“In 85% of breaches, it just takes days from initial cyber-compromise to the stolen data being taken out of the company. In stark contrast, the average length of time from initial cyber-compromise to discovery of the breach is months or years for over two thirds of breaches.”

Global online security company AVG security awareness director Michael McKinnon says that moving forward, Australian retailers need to start evaluating risks and costs of investing in solid online security systems.

“As a general rule you should begin by calculating the potential losses your business would suffer in the event of a data breach or hacking incident. Work through multiple likely scenarios to gauge the impact.”

“Ask yourself questions like, 'how much revenue would our business lose if it were offline for a day? Or a week? Or a month?!'”

The numbers could be significant, especially for major retailers such as Patagonia, which was forced to temporarily forfeit online trading after discovering a breach.

As for pinpointing pitfalls, McKinnon says that there are key focal points that companies and independent brands can look to for weak spots.

“There are a wide range of weaknesses that affect e-commerce platforms, but it depends on the platform in use and the way it has been implemented and secured as well.

“There are generally two types of e-commerce platforms in use today on the internet – common shared platforms whose code is used by many businesses and bespoke platforms built specially by a developer for one retailer.”

McKinnon says that businesses, particularly smaller, independent labels, should approach using the former with caution.

“The lower up-front cost of a common shared platform such as WordPress, for example, means it is easier to get up and running. But it also means if a vulnerability is discovered in the shared code, it can expose thousands of other businesses.

“Sometimes these vulnerabilities can be exploited through automated scripts that will scan and find your site if you haven't kept up to date.

“Small to medium size businesses should be partnering with an IT company that has the skills and knowledge specifically when it comes to security – even if it's just a half-yearly audit to check everything is running as it should be.

“Larger businesses should already have a relationship in place with one or more dedicated security consultancies to help them ensure all systems are being audited, tested and maintained correctly.”

There are some brands in the Australian market that have committed to remaining vigilant when it comes to protecting their online privacy.

Activewear brand 2XU has outsourced its e-commerce platform to Demandware because it offers gold class security as standard functionality.

The brand's e-commerce channel manager Jon Bovard says that retailers should be investing around $200,000-$1 million in adequate online platforms and around 2-5% of revenue in platform and maintenance costs.

He echoes McKinnon's advice to retailers to evaluate the size and reach of their businesses and run the risk and cost assessment from there.

Aside from the issue of consumer data and privacy breaches, hacking has also affected Australian retailers in other ways.

French lingerie brand Simone Pérèle was left red-faced in September this year when its Australian Facebook page was infiltrated with a flood of obscene images and click-bait articles on its feed, locking the administrators out from rectifying the incident.

It took four days of working with Facebook Sydney for the brand to regain control of its page, after which it issued an apology to almost 11,000 Australians who currently 'like' the page.

It might seem less sinister than the incidents reported by David Jones, Kmart and Patagonia, but the violation could affect the brand's consumer base indirectly.

According to a 2014 Symantec Internet Security Threat Report, 87% of social media scams such as those shared on Pérèle's page were shared manually by Australians last year, compared to the global average of 70%.

It might be a troubling time for Australian retailers, but in hindsight the recent wave of hacking incidents could act as a wake-up call to action better systems, more efficiency and reactive strategies to prevent further breaches.
