In 2021, e-commerce sales are expected to account for 18.1 percent of retail sales worldwide. The growth of e-commerce is a clear indication that an increasing number of people are buying and selling goods and services online. This is because of the numerous benefits that the business model offers both companies and consumers. However, e-commerce is not without some risks. It is important for online businesses to understand these risks so they can better prepare for the unexpected.

Here are some e-commerce risks you need to know.


Ensuring Your Online Business Harris Insurance 7


The global economy lost nearly $1 trillion as a result of cybercrime in 2020, three years later, the cost went up to $8 trillion in 2023. With cyber criminals becoming more and more sophisticated by the day, e-commerce businesses are constantly exposed to cyber security threats. Some risks that online businesses face are phishing attacks, website hacking, malware, credit card fraud, ransomware attacks and unprotected web services.

Most online businesses handle sensitive personal information from customers and process numerous transactions. As such, online security breaches can have far-reaching consequences for your business. Without proactive cyber security measures in place, your business will be exposed to lawsuits, penalties and fines.

Case Study: Yahoo Data Breach

The Yahoo data breach, occurring in August 2013 and impacting 3 billion accounts, stands as one of the largest in history. Initially disclosed in December 2016, Yahoo’s estimated number of affected accounts jumped from over a billion to 3 billion within a year. This breach was revealed during Yahoo’s acquisition by Verizon, which still proceeded with the purchase at a reduced price. The breach exposed account information like security questions and answers.


E-commerce businesses have to collect information about visitors and existing customers. This information can help to identify potential customers, provide great customer service, ensure personalized communication and process payment transactions. However, to avoid legal problems, the information must be collected without interfering with rights of privacy.

Similarly, businesses have a responsibility to keep customer data safe and secure. However, there is always the risk of such data being compromised and used for identity theft, unsolicited marketing and spamming. As a custodian of personal data, your business should work hard to protect the privacy rights of all online visitors.

Case Study: Facebook Data Privacy Scandal 

In 2019, Facebook faced a monumental $5 billion fine from the U.S. Federal Trade Commission (FTC) due to the Cambridge Analytica scandal and other privacy violations. This fine remains the largest ever imposed by the FTC, reflecting the severity of Facebook’s mishandling of user data and the widespread public and political fallout that ensued.

The scandal, one of the most notorious in data privacy history, highlighted significant concerns over the protection of user information on social media platforms. Despite the initial $5 billion penalty, Facebook ultimately settled the matter in court for $725 million.


Violation of intellectual property is a common threat that can result in huge losses. Businesses in the e-commerce industry face the risk of copyright, patent and trademark infringement. Even when you have adequately protected your intellectual property, you may end up violating someone else’s intellectual property. This could cost your online business a fortune.

When it comes to intellectual property, there is yet another risk that you may not have considered. If a third party’s advertisement appearing on your website violates another party’s intellectual property, you may still run into serious problems.

Case Study: Shein Intellectual Property Lawsuit

Designers Krista Perry, Larissa Martinez, and Jay Baron filed a lawsuit against the e-commerce giant Shein, accusing it of selling exact copies of their creative works, utilizing the civil racketeering laws under the Racketeer Influenced and Corrupt Organizations Act (RICO).

The lawsuit targeted Shein’s complex corporate structure and production strategy, which they argue facilitates intellectual property theft and complicates accountability. Shein responded by emphasizing their commitment to addressing infringement claims seriously and defending against baseless allegations. Experts suggested that Shein’s approach of producing small batches based on algorithm-detected trends complicates copyright and trademark enforcement, potentially leading to costly lawsuits with minimal rewards.


Just like regular retailers, e-commerce businesses are concerned about product liability issues. The products or services you sell online can be defective, result in some type of injury or cause damage to property. This could be due to design flaws, manufacturing defects or marketing defects. When this happens, your online business may face third party claims.

When running an e-commerce store, there is no telling when you will encounter product liability issues. To protect your business from financial losses, make sure you have product liability insurance to cover the associated expenses.

Case Study: Amazon Hoverboard Case

The 2018 case involving exploding hoverboards sold on Amazon brought to light the complex product liability challenges within ecommerce. These hoverboards, known for overheating and causing fires, led to lawsuits against Amazon, which argued its role as merely a marketplace and shifted the responsibility for product safety onto the third-party sellers.

Despite the sale of these hazardous products between 2015 and 2016, some costing up to $900, and resulting in burns and property damage, the court sided with Amazon. This decision highlighted the importance of seller responsibility in product safety, setting a precedent for ecommerce liability. 


Even with thorough record keeping and clear communication, mistakes can happen when shipping items to customers.  Because purchases are made online, e-commerce businesses typically make promises and enter into contracts before the actual transaction takes place. However, there are times when you will run out of stock, orders will be misplaced, the wrong items are sent and orders will get lost in transit. This could be due to errors or warehouse and logistics challenges.

If the errors and challenges result in your customer losing money, you could be held professionally liable. You can be sued for breach of contract, professional negligence or failure to deliver a promised product or service on time.

Case Study: Amazon Prime Lawsuit

In 2022, Amazon Prime customers filed a lawsuit expressing their dissatisfaction with the service, particularly for not meeting the two-day delivery promise. Despite billions of packages that Amazon processed weekly, including those for Prime members who paid for expedited shipping, delays became a common complaint.

Prime customers, including those from California who initiated the lawsuit, accused Amazon of falsely advertising and deceptively marketing its one- and two-day shipping guarantees. They alleged that Amazon provided a specific delivery date at the time of purchase, only to extend this date or fail to provide any expected delivery date due to delays in transit. 


Apart from exposing you to professional liability, human error can also cause data loss. In fact, about 95 percent of cyber security breaches are caused by human error. An innocent mistake such as deleting a file, poor password hygiene, poor access control or email misdelivery can present serious cyber risks.

To minimize the risk of losing important customer, employee and business data, invest in a reliable backup and recovery solution. Also, educate your employees on the importance of remaining vigilant and train them for cyber security. This will go a long way in reducing human error.

Case Study: Equifax Data Breach

The Equifax data breach in spring 2017, marked by expired certificates and unpatched vulnerabilities, underscores significant cybersecurity lapses. Despite receiving a warning from the U.S. Department of Homeland Security about a vulnerability in Apache Struts, Equifax’s internal communication and subsequent actions failed to address the flaw. A misconfigured device, due to an expired digital certificate, failed to detect the vulnerability, allowing attackers to infiltrate and remain within Equifax’s system from mid-May to the end of July.

This breach exposed the personal information of 145 million U.S. residents and over 10 million UK citizens. The use of rogue or stolen certificates by attackers can hide data exfiltration within encrypted traffic, complicating detection without effective HTTPS inspection solutions. In September 2018, the UK’s Information Commissioner’s Office fined Equifax £500,000 (about $625,000 USD), the maximum under the Data Protection Act 1998, for failing to protect UK citizens’ personal information, showcasing the grave consequences of cybersecurity negligence.


Even a few minutes of system downtime can be disastrous for an online business. Outages may occur due to coding errors, a surge in traffic, problems with online payment systems, or scheduled downtime to update servers and security. Platform downtime will lead to business interruption and loss of productivity. When the outages are frequent and lengthy, they will damage your reputation and impact your bottom line.

Apart from website downtime, several other factors can contribute to poor customer experience. These include low quality imagery, a site that is difficult to navigate and slow site speeds.

Case Study: Facebook Outage

The significant Facebook outage on October 4, 2021, lasting seven hours, affected not only Facebook but also Instagram, WhatsApp, Oculus, and enterprises using Facebook’s authentication system, marking it as the biggest outage of the year. Triggered by a routine maintenance task gone awry, the outage was caused by a command that inadvertently severed all connections within Facebook’s backbone network, leading to a complete disconnection of its data centers.

This situation was exacerbated by a bug in the audit system meant to prevent such mishaps, resulting in both public-facing services and internal management tools going down, necessitating manual system restarts by staff physically entering data centers. The breakdown also affected DNS query systems, isolating DNS servers due to disabled BGP advertisements, which further complicated recovery efforts as engineers struggled without standard access to data centers or the usual internal tools due to total DNS loss.


E-commerce businesses must adhere to certain regulations relating to data privacy and protection. Business owners who operate without regard to the applicable laws run the risk of paying hefty financial penalties, serving time in prison or having their company shut down altogether. With this strict regulatory environment, non-compliance could jeopardize your business continuity.

Whether you sell locally or internationally, you should understand your obligations under these laws. This way, you will take statutory compliance seriously, something that will help you to protect your business, employees and customers.

Case Study: Marriott International Data Breach

In October 2020, Marriott International faced an £18.4 million (about $23 million USD)  fine by the Information Commissioner’s Office (ICO) for a substantial data breach that compromised millions of guests’ personal details, under the General Data Protection Regulation (GDPR) framework. This fine came in the wake of a cyber attack dating back to 2014 on Starwood Hotels and Resorts Worldwide, which Marriott acquired, where approximately 339 million guest records were accessed, including 7 million records of UK residents.

The breached data included a wide array of personal information such as names, email addresses, phone numbers, unencrypted passport numbers, and details related to guests’ stays. The ICO’s investigation concluded that Marriott failed to implement adequate security measures to protect this data, leading to the fine. However, the amount was significantly reduced from an initial threat of £100 million (about $125 million USD), taking into consideration Marriott’s efforts to mitigate the breach’s impact and the economic toll of COVID-19 on its operations. 


Disasters happen, and they can take many different forms. Whether natural or man-made, these unforeseen events can have adverse effects on your online business. One of the potential risks that e-commerce businesses face is loss of premises and inventory damage due to disaster. Inventory can be damaged while in the warehouse or when in transit.

To ensure your online business survives and carries on after such disasters, you should have the right protection in place. Having adequate insurance coverage will minimize your financial loss and help you get your business back up and running.

Case Study: Nike Tracking Issues

Nike experienced a significant loss of around $100 million in sales in the early 2000s due to tracking issues. The company’s subsequent adoption of updated inventory software aimed to improve sales prediction and demand fulfillment, but instead led to further financial setbacks due to bugs and data inaccuracies.

Despite these challenges, Nike continued to face inventory dilemmas, notably in 2016 when its gross margin suffered from increased discount sales linked to these persistent issues. In response, Nike has been refining its inventory practices through manufacturing overhauls and the adoption of digital technologies, aiming to solidify its status as a global leader in the athletic wear market by innovating products, exploring new markets, and optimizing its supply chain, demonstrating the importance of adaptability and quality in inventory management systems for large, dynamic businesses.

Ensuring Your Online Business Harris Insurance

Putting in place the right preventive measures will go a long way in ensuring your online business is protected. Part of this involves buying a comprehensive business insurance policy. At Harris Insurance, we are a B2B commercial insurance provider based in Las Vegas, NV. Our policies are designed to help you contain and transfer the risks that are inherent to your business. Contact us today to learn more about our insurance services.