top of page

Food and Retail Businesses: Would your staff recognise a cyber-attack?

Updated: Mar 2, 2023

The food and retail industry have been subjected to immense pressure over the last couple of years, but the COVID-19 pandemic has changed the way that we shop. More businesses than ever are getting online, and e-commerce and online deliveries have become the norm for many companies and consumers alike. This means there is now more public and private data stored online than ever before. But by increasing your businesses visibility, you also increase your risk of a cyber-attack.

A cyber-attack can have serious consequences for both businesses and consumers. A successful attack will cause reputational damage, financial implications, and a massive disruption to how food and retail businesses operate.

Over the last 12 months, businesses have experienced roughly one cyber-attack every 8 days. This is primarily due to the large volumes of customer data stored by the industry. If you consider the type of data you provide to a website to order something online, think about if you would like that data to fall into the wrong hands.

The most popular type of cyber-attack in 2022 was phishing attacks. Phishing at its most basic is a cybercrime where targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. According to recent research:

  • 1 in 3 employees are likely to click the links in phishing emails

  • 1 in 8 employees are likely to share information requested in a phishing email and finally

  • Over 45% of employees click emails they consider being suspicious “just in case it’s important”.

These statistics demonstrate just how critical it is to improve cyber security awareness in the food and retail sector.

Security Awareness Training

A classroom of people looking towards the speaker

Here at the ECRC, we offer a number of affordable Cyber Security and Resilience Services that are designed to assist businesses and their staff to have the right strategies to respond to cyber incidents efficiently and migrate any potential damage a cyber-attack may create. Through Cyber PATH, local university students are trained and mentored by senior ethical hackers, to deliver all our services and to work with staff to build their cyber awareness, understand the latest cyber threats and secure the business’s online environment.

Your people can be your biggest asset and with our Security Awareness Training (SAT) they can become highly effective barriers to cybercrime. Our Awareness Training focuses on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules, using real-world examples.We tailor our Security Awareness Training to each individual audience to provide the right level of skills and context for your business. We can deliver training to any sized group, in-person, remote or a hybrid of the two.

The trainers are highly knowledgeable, personable, and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions. Below are testimonials from businesses who have already had our Awareness Training:

Testimonial 1

“The Cyber Path Student was a confident and knowledgeable presenter who put all attendees at ease and lead a thoroughly enjoyable and hugely useful and informative session. Time well spent!”

Testimonial 2

“Whole session was good-humoured, appropriately targeted (relevant), interactive - and had well-timed (and much appreciated!) breaks!”

Testimonial 3

“The student was a natural presenter, the session was fun and engaging with the right level of detail for the audience. She quickly built a rapport with the audience, delivered the content well and got the whole room discussing Cybersecurity early on. It was a great way to delivery cost effective Cyber Awareness training, build the knowledge within the staff and help them be more aware and more secure online. I’d definitely use CRC again to deliver additional Cyber Awareness training to my clients.”

The benefits of Security Awareness Training

For just a few hundred pounds, you can help to protect your business against a cyber-attack that ultimately could cost you thousands. In October 2021, Tesco was a victim of a cyber-attack that lost them over £50 million in lost sale and revenue. However, smaller businesses are the ones that are more frequently targeted by cyber-criminals and the impact on a small food producer losing its data due to a cyber-attack may not just be detrimental, it can close them down for good.

Our Security Awareness Training covers a wide range of cyber security topics, including social engineering, ransomware, and phishing attacks. The training provides simple and effective knowledge for people to understand their environment and provides the confidence to challenge when something doesn’t look right. With the food and retail sector becoming a big target for cyber criminals, it is vital that your staff are aware of the potential risks and steps to protect themselves.

What’s next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.

Here at the centre, we would advise you to do three things now

  • Join our free core membership. Start implementing some simple changes now and start protecting your organisation, staff, customers, and supply chain.

  • Contact us to arrange a meeting to discuss providing Security Awareness Training for your company.

  • For all businesses across the Eastern region, we would recommend that you look at improving your overall cyber resilience and work towards achieving Cyber Essentials accreditation – the basic government backed kite mark standard for cyber security. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. Our free Little Steps course can help you understand what you need to do.

Here at the ECRC, we are already working closely with hundreds of organisations across the seven counties to help them tackle the continually changing cyber threats that they face. So come and join our community as free members and let us help you protect your organisations from the ever presents threats out there in the cyber-verse.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at:

Text messages can be forwarded to 7726


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page