How retailers can prepare for 2020 Cyber Monday challenges

By Franco Cordeiro, Sagar Mhaskar, Orson Lucas  

Cyber Monday is one of the biggest shopping days of the year. Just last year, records were broken when sales topped $9 billion for the first time ever – an increase of more than 16% from 2018. Last year also marked the first day in history when consumers spent over $3 billion using their smartphones.

However, this year’s holiday season will look and feel different as a result of COVID-19.  According to a recent KPMG survey, there will be fewer in-store shoppers, a rise in online shopping, and a decline in the average spend per person to $515 from $627 on a year-over-year basis.

Yet, even with the expected decline in spend, retailers remain under pressure to ensure the day goes smoothly and that customers enjoy safe and seamless shopping experiences. Many major retailers prepare all year to handle the increased demand that comes with Cyber Monday, and its potential risks, including site outages, increases in orders, hackers and phishing schemes. And 2020 is bringing with it a new set of challenges stemming from a dispersed workforce and social distancing requirements. 


What new challenges can we expect this Cyber Monday?

  • IT issues will be harder to respond to. Given the high degree of remote work, it will be more difficult for companies to bring response teams together quickly, whether virtually or physically, if anything goes wrong – making timely and effective IT responses to incidents more challenging.

To adapt, leading organizations have set up remote technology response teams who are rehearsing responses to possible disruption scenarios. These teams are being supported by advanced monitoring services to detect degradation in online services, as well as customer communications and business continuity teams which can help respond to business and customer impacts from online disruptions.

In addition, cyber resiliency teams are working in a coordinated fashion to minimize the impact of potential outages or disruptions caused by online scams, cyberattacks, and third-party service failures due to cyber impacts.

The organizations implementing these measures know that technical response and cyber resiliency teams must be prepared to fix issues quickly, and communication and business continuity teams must be ready to engage with customers effectively (e.g., using live Twitter feeds and providing call centers with critical updates).

  • Business resiliency challenges will continue. While not new, companies will have to plan for expected business resiliency challenges that stem from an increase in internet traffic – such as site outages and transaction completion issues. Over the long term, to successfully navigate opportunities like Cyber Monday, IT systems and vendor-provided services should be built with resiliency in mind, avoiding single points of failure.
  • Existing security controls may not support the new virtual environment.  With many employees working from home, a different strategy and new controls may be required to ensure that retailers are able to scale around increased remote usage volume and the security threats that come with this virtual work environment.  

For example, policies and standards may need to be updated to reflect changes, including monitoring of employee communications and device usage. Additionally, Chief Information Security Officers may need to revisit the IT and security architectures of their organizations to ensure remote access solutions (e.g., virtual private network, multi-factor authentication, remote desktop protocol) are working appropriately.

With people socially distanced and working remotely due to COVID-19, there are new risks and a new overall dynamic for this year’s Cyber Monday. By creating and testing robust IT incident, business resilience and communications plans, revisiting security controls, and building resiliency into system designs, companies can be better prepared for looming Cyber Monday opportunities and challenges.



Orson Lucas

Principal, Advisory, Cyber Security Services, KPMG US

+1 704-502-1067