Macy’s announced it is furloughing a majority of its 130,000 staff globally in the midst of the COVID‑19 crisis that has ground brick-and-mortar retail to a halt. Staff that remain will maintain e-commerce, distribution, and call centers operations.
The move came after Macy’s management signaled to employees that it tried all other measures first, including drawing down its credit line, delaying payments to suppliers, and halting some orders.
A growing list of retailers have now taken similar actions in the past week as more parts of the country are brought to a near-standstill in the attempt to slow the growth of the virus.
The COVID‑19 pandemic and economic crisis could not have come at a worse time for the struggling retailer. As Cyberhedge outlined in a December 9 Cyber Governance Alert, Macy’s persistent underperformance vs retail peers and the broader market was reflected in the long, 4+year downward slide of its share price. This left the company in a weak position to absorb any external shock, be it a ransomware-disrupting attack or a global pandemic.
Its poor cyber governance performance was a key contributor to this share underperformance and takes on added relevance amidst the company’s latest effort to orchestrate a turnaround via a digital transformation program. Even prior to COVID‑19, weak FY19 results indicated that digital sales growth alone was not enough to turn things around for a company with continually declining sales and shrinking margins overall.
Now, Macy’s e-commerce business has quickly pivoted from being a rare source of sales growth that management was counting on to overcome declining in-store sales, to possibly a critical lifeline for the 161-year-old company. Though a further policy response in the coming weeks from the U. S. government could provide support to the company (and other hard-hit businesses) in the form of emergency financing or other support, this makes poor cyber governance an even more pressing matter. Immense financial constraints limit the company’s ability to invest sufficiently in protecting its essential digital assets, namely the e-commerce business.
This increases the probability of a business disruption event like ransomware that would sever Macy’s last source of revenue while the pandemic continues to keep stores closed. Company management could maximize the limited resources it does have by conducting a rapid cybersecurity assessment to first validate the people, processes, and controls in place and allocate spend toward the areas most critical to lowering the probability of such a breach.