A wave of cyber incidents involving major retail brands has highlighted ongoing vulnerabilities in Australia’s digital landscape – not just for large corporations, but for businesses of all sizes.
Lindsey Maher, head of cyber development at CFC, said the latest attacks on well-known retailers should serve as a wake-up call across sectors.
“Because the tactics being used against multinational retailers are the very same ones that threaten every business, regardless of size or industry,” Maher said.
She said that these attacks typically start with social engineering. Cybercriminals target employees to gain initial access, then escalate privileges over time until they can execute a full-scale breach. She warned that smaller businesses often dismiss such incidents as problems for larger enterprises, despite being equally exposed. In her view, focusing on the “how” instead of the “who” is critical to preparing for future threats.
The financial cost of a cyberattack often stems not from the breach itself, but from the disruption that follows. Businesses hit by recent incidents have faced widespread downtime, with many unable to operate while systems are assessed and restored. According to Maher, the process is both time-sensitive and reputation-critical – especially in sectors like retail where customers may quickly turn to competitors.
“For any business reliant on continuous operations, particularly those in fast-moving, highly competitive sectors like retail, even short periods of downtime can lead to lost customers and long-term reputational harm,” she said.
Cyber risk also extends beyond a company’s own operations.
Maher said that when a large organisation experiences a breach, the impact can quickly ripple across its supply chain. Smaller vendors, logistics partners, and service providers may suffer indirect consequences – such as lost revenue or delayed payments – even if they weren’t directly targeted.
“Even if a business has strong security controls in place, they remain vulnerable through their supply chain and third-party network,” Maher said, adding that robust cyber insurance policies should extend coverage to these dependencies.
CFC’s internal claims data also indicates that roughly 75% of cyber incidents are triggered by human error. Despite advances in cyber technology, employee mistakes – like clicking on phishing links or misconfiguring security settings – remain a leading cause of breaches.
Although retail is currently in the spotlight, Maher warned that attackers are opportunistic and constantly seek out the weakest entry points, regardless of industry. She urged businesses to reassess their cyber risk now rather than wait for their sector to make headlines.
“Cyber consistently ranks among the top three business risks, yet many organisations still see it as a choice: invest in cyber security or buy insurance. With CFC, that’s a false dichotomy,” Maher said.
