According to annual forecasts by Bain & Company, the luxury goods sector will reach €1.5 trillion by 2023. As an essential part of the global economy and a showcase for French know-how, it is a prime target for computer attackers whose motives are primarily financial and political.
Citalid’s Cyber Threat Intelligence (CTI) team has analysed this sector to identify the main trends in cyber threats and help the companies concerned to better understand the contextual risk they face.
Analysing the state of the cyber threat in the luxury sector: a challenge for cyber threat intelligence experts
Compared to other activities, there is relatively little data on cybersecurity incidents in the luxury goods sector, mainly because the targeted companies are concerned about their brand image and do not communicate much about the attacks they have suffered. Cyber offensive activities documented in open source are often limited to public claims and exhibitions. The resulting impact is therefore difficult to assess, as the perpetrators of these cyber-attacks may also deliberately overestimate the impact of their actions for media purposes and to damage the brand image of these companies.
Our cyber threat intelligence experts have focused on the following cyber threat scenarios: ransomware, data disclosure and leakage, availability attacks, incitement and propaganda, and espionage. All of these are available on the Citalid platform, enabling you to quantify your risk of financial loss and suggest the most effective and profitable actions, taking into account your specific business activities.
Why does the luxury goods industry attract cyber attackers?
Firstly, this is a sector where brand image is a fundamental pillar. Some cybercriminals have therefore recognised that the image imperative is a powerful lever of coercion for these large companies. In the same way, the luxury goods industry offers exceptional goods to an international clientele that is sensitive to the reputation and quality of the luxury maisons. Their ambition is to provide their customers with a first-class, personalised experience, and in order to do so they collect a great deal of personal and sometimes sensitive data – given that their clientele is made up of wealthy and/or public and/or political figures. This data is of interest to intrusion sets who, in the event of exfiltration, can sell it on or use it for a variety of malicious purposes, including extortion scenarios (especially ransomware).
The major luxury goods companies rely on a range of service providers and suppliers (particularly for raw materials) for production, and then on a network of distributors to market the goods. Each link in this value chain can therefore be potentially critical to the end business. Attackers can therefore deliberately target one of these third parties in order to reach the targeted luxury goods company, as part of an offensive scenario known as a ‘supply chain attack‘. By paralysing the supply chain, the production or marketing of the final product is compromised.
The luxury goods industry produces strategic business data that is used on a daily basis for business processes, research and development projects, and the strategic direction of the company. In the event of a leak or disclosure, this confidential data could disrupt the company’s competitiveness.
Brand image, reputation, the sensitivity of the data held, and the criticality of the supply chain are all pressure points that make the luxury sector particularly attractive to malicious IT attackers.
AI, blockchain… Luxury, a sector in the throes of digitalisation
Although luxury is based on exceptional craftsmanship and therefore still largely manual, the sector has taken a digital turn. To innovate and meet the needs of their customers, the various players in the industry are not hesitating to embrace new technologies. According to a study by Bain & Company, two generations of digital natives (Millenials and GenZ) will account for 75 to 85% of the customer base by 2030.
The use of artificial intelligence is very popular among luxury companies:
- AI is being used by the big houses at various levels of the production chain to improve efficiency: optimising manufacturing processes, improving sourcing of raw material suppliers, reducing time-to-market, etc.
- AI is also extremely useful in marketing, improving the customer experience by providing tailored, personalised support.
- Finally, AI is proving particularly effective in defining and anticipating future trends by processing data of all kinds and from all horizons.
The major luxury groups are also very interested in blockchain. Guaranteeing the traceability and authenticity of items, protecting intellectual property and establishing a history of ownership are just some of the possibilities offered by this technology, which can be used to limit the production of counterfeit goods, a scourge for the industry and its consumers. The Richemont, Prada and LVMH groups have formed a consortium (Aura Consortium Blockchain) to develop their own tool.
Luxury goods companies impose strict cybersecurity requirements on themselves in order to maintain their brand image and the trust of their customers. However, apart from the GDPR, the luxury sector is not subject to certain European cybersecurity regulations such as NIS2. Despite this vigilance, luxury companies are sometimes targeted by cyber attackers. The digitalisation of the sector is helping to expand the area in which companies are exposed to cyber risk. Attackers are mainly attracted by the lure of profit, but other motives can be observed due to the sensitivity of certain data (public figures who are part of the clientele, etc.).
Cyber Risk Quantification, a method tailored to the luxury goods industry
Faced with this attraction of digitalisation, which is necessary to adapt to new consumer habits but which also attracts the interest of attackers, it is important to adopt new methods to better protect ourselves. Citalid has developed a cyber risk quantification solution specifically adapted to the activities of companies in the luxury goods industry. One of our clients, a major player in this sector, comments:
“Citalid’s commitment and expertise enabled us to obtain accurate results very quickly. In addition, Citalid’s solution has helped us to manage our investment roadmap more effectively and has enabled us to present a new quantitative approach to our cyber risks to insurers”.
Understanding the nature of your risk and contextualising it more accurately in relation to your industry is a real asset when it comes to building an effective cyber security strategy, by prioritising the actions to be taken in light of your own vulnerability. This is what Cyber Risk Quantification (CRQ) is all about.
Why is the solution developed by Citalid particularly suited to the luxury sector? By identifying the threats that are likely to target them and the associated potential vulnerabilities, the Citalid Anticipation Platform enables its clients to take the most effective and profitable proactive measures to defend their business assets (intellectual property, brand image, personal data), their ecosystem of subcontractors and partners, including insurance providers.
Couldn’t the use of a CRQ solution become a competitive advantage for companies in the luxury goods industry? In a sector focused on prestige and exclusivity, having a real strategy to anticipate the entire cyber risk chain (security, ecosystem, and insurance) thanks to cyber threat intelligence and risk quantification can be a unique selling point. It allows a luxury brand to stand out from the crowd and attract customers who are concerned about the security of their data. Demonstrating a commitment to robust cybersecurity practices through quantification can also strengthen partnerships and create collaborations with other companies, reassuring them of the brand’s commitment to data protection and shared interests.
Citalid regularly produces sector reports and studies, which are made available to platform users via the Risk Intelligence Centre. This library of cyber threat knowledge allows you to learn and share information whenever you want, thanks to exclusive, affordable, and contextualised content developed by our specialists in cyber threat analysis, economics, insurance, and geopolitics. All of this value-added information is incorporated into our algorithms for the financial quantification of cyber risk.
Would you like to read an example of the resources we produce? To find out about the key trends in cyber threats to the luxury goods sector, don’t hesitate to download our latest sectorial report!