On 30th January PEER 1 Hosting and partners Dell, Alert Logic and Globalscape hosted the eCommerce Futures Conference security breakfast, which focused on the issue of safeguarding the online purchasing experience. The tranquil Loggia room at Knightsbridge's Mandarin Oriental Hotel was the setting, with an audience of senior managers and directors from a range of brands including Boodles, NET-A-PORTER, Dwell, Deckers, Direct Wines, Marks & Spencer, and Snow + Rock. Despite the earliness of the hour the discussion was lively, fuelled by contributions from Christine Bardwell of IDC, Neira Jones of Barclaycard and PEER 1's Dominic Monkhouse.


Christine Bardwell, Research Manager for IDC Retail Insight, kicked off the debate with a punchy presentation in which she reminded the audience of brands such as Lush, Sony and who have all been victims of data hacks. Marks & Spencer, who suffered a breach some time ago because of a third party, did not escape mention either, to the good-humoured consternation of their Principal Architect eCommerce, seated to Christine's right.

This led to an intense discussion on the importance of auditing delivery partners such as marketing and logistics, to ensure that they have the appropriate security policies.


Figures were thrown into the mix about the enormous cost of a data breach, including Sony's recent £250,000 fine and TK Maxx's $41 million payout in 2007. Christine went on to reveal that the average cost of a data breach is £5.5m, when factors such as hiring forensics experts and in-house investigations are taken into account. Despite these figures, everyone in the room seemed to agree that the impact of the damage to a brand's reputation was a far greater concern than the financial implications.

After a show of hands, it appeared that more than half of the audience felt confident that their business was protected against external hacks. The general consensus was that the problem of data hacking is only set to get worse as the proliferation of devices continues (IDC predicts that mobile users will increase by 91 million in the next four years). A growing number of companies - including a third of the audience in the room - are also starting to adopt a bring your own device (BYOD) policy in the workplace. Now could well be the time for retailers to start investing in mobile security tools.


Neira Jones, Head of Payment Security for Barclaycard, went on to give her presentation, which produced a few laughs initially (and perhaps a flurry of scribbled 'notes to selves') when she revealed that the most prominent password in the business world is Password1.

She also gave the worrying statistic that 2012 saw 36% more breaches than 2011. For many organisations, Neira went on to say, the rise of cyber war and targeted attacks is a growing concern, and companies need to assess their risk in terms of their exposure.

There is some help at hand, though: Neira recommended the Open Web Application Security Project (OWASP), a free web security resource, which she claims is a must-have for all web developers.

Snow + Rock's manager spoke up for small and emerging companies, which can face difficulties as they grow and need to respond to online customer demand quickly. Seasonal pressures in particular can exacerbate this problem, as businesses must still ensure they adhere to all of the appropriate security regulations.


Among the other topics of discussion was the idea that we now live amongst a young generation of 'digital natives' who have little concept of online privacy, and are naturally less attuned to the importance of data protection than the older generation of 'digital immigrants'. Similarly, the problems associated with the recent explosion of social media usage were also a cause for concern, leading to conversation about how organisations should be incorporating social media into their existing policies.


The debate finished with Neira's countdown of her top nine security topics for businesses to consider in 2013, a comprehensive list which included Mobile Security, Social Media Policy and Incident Response Testing.

However, in at numbers one and two were Security Awareness and Education, and Risk Management, both points that were central to the morning’s discussion.

It would seem that assessing a company’s risk, and having a comprehensive understanding of the security measures that can and should be in place, is of vital importance for eCommerce businesses today.