Cybersecurity

Security of e-commerce platforms at the time of digital transformation

According to the global survey PwC 2021 Digital Trust Insights (DTI), 40% of CEOs have admitted that they had increased the pace of digital transformation in their companies in the first three months of the pandemic. This was the result of new business strategies and the decisions they took, the implementation of which they had not previously imagined. However, rapid technological transformation makes companies even more vulnerable to cyberthreats than in the past. This is particularly true of the retail industry which has accelerated its development in the digital sphere.
 

Trends affecting the Retail & Consumer industry and the development of e-commerce platforms



Changes in consumer behaviour and expectations

The ubiquity of mobile devices and social media allows consumers to access any information about products and brands when and where they want. As a result, physical shopping in stores is gradually ceasing to be the main point of contact in this area.

Traditional sales channels in the form of physical retail outlets have been affected by the Covid-19 pandemic, whereas online sales have risen sharply. It is easy to see that lockdowns, sanitary regimes and further restrictions have created new consumer habits. It is estimated that more than 30% of all revenue from retail sales will come from digital channels in the future.

“Being online” brings what consumers crave the most: convenience. However, wherever we talk about comfort and fast development stimulated by new technologies, we must also think about the balance between convenience and security.
 

Development of new technologies and fast data transmission

2020 saw the commencement of the first large-scale implementation of the 5th generation (5G) network, which allows data to be transmitted almost three times faster. It is estimated that this will make e-commerce even more popular and there will also be an increase in the volume of transactions.

However, it is not just about speed but also about all technological solutions that will lay down the foundations for the store of the future, for example: loyalty programmes based on mobile applications, building digital experience along the entire customer path, using advanced analytical solutions for targeted communication and personalised product recommendations.
 

Data-based sales practices and privacy of information

It is no secret at all that digital transformation gives sellers a good opportunity to collect data about customer behaviour before, during and after visiting an online store. As a result, the competition among modern e-commerce platforms has extended way beyond the traditional price competition and has entered the area of platform functionality and matching the range of products to customer preferences and behaviour.

However, the increase in the amount of data collected and transferred has also contributed to an increase in consumers’ awareness of personal data security, which has been further heightened by the introduction of the GDPR and by informing the public about it. Data leakage incidents also have more serious legal implications for firms.
 

Why is cybersecurity important?

Irrespective of the motivations of potential intruders and attack techniques, cybercrime causes losses to companies on such a massive scale that it cannot be compared with any other corporate risk. According to the Cybersecurity Ventures report, the losses caused by cyberattacks will cost the world 6 trillion dollars a year by 2021 compared with 3 trillion dollars in 2015.

Apart from serious financial losses, cyberattacks often lead to disruptions in a company’s operations, loss and leakage of data (customers’ personal data, financial data, and intellectual property), loss of reputation and lawsuits.

The amount of data being processed is growing in step with digital transformation, which makes the attacks being observed increasingly diverse and enables the use of new techniques to carry them out: ransomware, malware, DDoS (distributed denial-of-service) attacks, MITM (man-in-the-middle) attacks, phishing and spear-phishing are the most popular among dozens of others.

Examples of incidents:

Organisation 1:

Large retailer of clothing of well-known fashion brands.

Description of the incident:

A group of Evil Corp hackers took advantage of the poor security of one of the seller’s wireless office networks, which allowed them to intercept online transactions and gain access to the organisation’s main database. It turned out that the database was not encrypted, so the attackers easily gained access to customers’ personal data such as their home addresses, dates of birth and credit card details.

Organisation 2:

Large online retailer of consumer electronics.

Description of the incident:

Just before Christmas the seller’s customer database which contained more than 2 million records was stolen. After the attack the company’s customers began receiving suspicious e-mails aimed at obtaining their bank login details. It then turned out that the hackers managed to steal sensitive data such as national identification numbers (PESEL) and tax identification numbers (NIP).

Consequences:

The reputation of both companies suffered greatly, because a large amount of personal data was sold and / or misused. The attack also had significant financial implications, including multi-million penalties imposed by domestic data protection authorities and lost sales.

To effectively protect yourself against cyberattacks you need appropriate and reliable cybersecurity solutions that allow threats and risks to be identified in real time. The action taken should limit exposure to attacks, shorten the time, cut replacement costs after an incident and prevent future dangers.

According to the global survey PwC 2021 Digital Trust Insights, 96% of the organisations surveyed plan to change their cybersecurity strategies as a result of the Covid-19 pandemic, and 50% of the companies plan to take cybersecurity and privacy protection into account in every business decision they make. Adopting a strategic approach to managing the threats and risk relating to protection against cyberattacks is the key to managing cybersecurity effectively and to optimising the related expenditure.

How to approach cybersecurity effectively and avoid making the headlines?

  1. Security management is a process which is inherent in a company’s business culture and which requires constant improvement.

  2. Be prepared for the worst: the security paradigm in today’s world has changed. “It’s not a question of if your infrastructure/e-commerce platform will be hacked, but rather when it will happen”.

  3. The management board is aware of cybersecurity risks and reviews them on a regular basis and takes appropriate strategic action.

  4. Key components of the IT infrastructure and e-commerce platform are tested regularly for vulnerability and resistance to attacks.

  5. Given that attack techniques and threats are evolving constantly, the profile of the risk and cyber attacks to which a given business is exposed is monitored and updated on a regular basis. The threats are mitigated properly by implementing suitable and well-thought-out safeguards (a security strategy is required).

  6. Be aware that cyber threats come from both outside and inside an organisation.

  7. Appropriate mechanisms that are aimed at protecting a company against cyber attacks (technologies, processes, people) and which support cybersecurity risk management throughout the cycle (prevention, detection, response) are implemented. The key resources are secured properly; solutions aimed at detecting incidents and security breaches as well as suitable response and crisis management procedures are also introduced.

  8. The key IT/information assets are identified, and resources that must be under special protection as they constitute the company’s competitive advantage have also been identified.
     

Contact us

Agnieszka Ostaszewska

Partner, Assurance Leader, PwC Poland

Tel: +48 502 184 348
