The rise of retail cyberattacks: causes and safeguards

Cyberattacks against retailers have become significantly more frequent over the past decade, driven by the rapid expansion into e-commerce and omnichannel retail. As retailers move onto online platforms and mobile apps, their exposure to attack grows.

Retailers now collect and store vast amounts of customer data, which expands the attack surface and makes them a richer target for cybercriminals. Their increasing reliance on interconnected systems and third-party technologies adds further exposure, as attackers probe these ecosystems for the weakest link and use it to compromise operations and networks.

Ransomware, phishing, DDoS attacks and more: which types of cyber threats should retailers fear most?

Retailers face a diverse and evolving array of cyber threats. Ransomware attacks, which likely lay behind the recent M&S IT outage, have surged in the last few years and are now among the most costly and destructive threats retailers face. These often begin with a phishing email that gives the attacker an initial foothold, and end with the encryption of critical systems and a demand for payment.

Attackers are also deploying more sophisticated tactics, such as AI-generated phishing messages that are hard to distinguish from legitimate communication and are designed to trick employees into handing over sensitive information.

DDoS attacks are also increasingly prevalent in retail. They overwhelm systems with traffic to cause downtime during peak shopping periods, and are sometimes used as cover while other intrusion attempts proceed.

Cyberattacks' impact on retailers extends beyond immediate financial loss and operational disruption

Cyberattacks against retailers erode customer trust and cause reputational damage that can take years to rebuild. Following an incident, customers are increasingly wary of returning to a retailer that has suffered a data breach, which results in long-lasting effects such as decreased sales, reduced market share and weakened brand loyalty. Even after an incident is resolved, retailers can face ongoing costs, such as increased insurance premiums.

There are, of course, both immediate and lasting repercussions. When customers learn their personal information has been compromised, they question the retailer's ability to protect their data, and trust is broken. As a result, they may stop buying its products and services and may also discourage others from engaging with the brand. Even after the underlying issues are resolved, these perceptions can linger for a long time.

What are the hidden operational costs of a cyberattack for businesses?

Businesses will need to bear several direct costs, such as system repairs, data recovery and the cost of mitigating the disruption to day-to-day operations, including lost sales and delayed order fulfilment. On top of this, they may need to pay for regulatory compliance and legal services, especially if they have to navigate complex laws and manage regulatory investigations and potential lawsuits following an attack. They may also need to invest in new technology and system upgrades to prevent further incidents, and may face increased insurance premiums too.

These costs add up quickly and highlight the importance of having robust cybersecurity measures in place to stop an attack in the first place.

How can retailers strengthen their cybersecurity standing?

Retailers should first understand that cybersecurity is not a one-off activity, but an ongoing process.

As a first step, they should conduct a comprehensive risk assessment to identify vulnerabilities across their ecosystem, and crucially this needs to include third parties. They should then develop robust security policies and incident response plans, and conduct regular system testing and audits. As attacker techniques evolve, regular reviews and testing are needed to ensure systems remain as robust as possible.

Retailers should also not overlook the importance of employee training. Well-trained employees are one of the strongest lines of defence against cybersecurity incidents, so making sure all staff know how to recognise and report a suspected attack is key.

Should retailers be investing more heavily in cybersecurity insurance? What does it actually cover in real-world scenarios?

Given the rising frequency and cost of attacks, cybersecurity insurance is becoming essential. It provides retailers with a critical safety net, covering a range of expenses they may be liable for, such as business interruption losses and legal costs. In real-world terms, this can include the cost of notifying affected customers, credit monitoring services, public relations fees, system repairs and data recovery.

However, it’s important for retailers to understand the specific terms and limitations of any policy they choose, as these vary. Not every type of cyber incident is automatically covered by every policy, so it’s crucial to work with a provider to ensure an adequate level of cover.

What technologies or tools can help retailers strengthen their cybersecurity?

There is a suite of technologies that needs to be in place to protect sensitive data and operations, including anti-malware protection, multi-factor authentication, detection and response capabilities, and data loss prevention. Together these ensure that attacks are detected promptly and that the exfiltration of sensitive data is blocked. Visibility into third-party integrations is also important, so that all risks are known and vulnerabilities in the wider supply chain are remediated swiftly.

How often should retailers review and update their cybersecurity systems and procedures?

Retailers should be proactive and get ahead of evolving threats. It’s good practice to review policies and controls regularly and to test systems at least every quarter, and especially after any significant software update or change in business operations. Frequent testing provides assurance and keeps the organisation informed of the latest threat intelligence.

When working with third-party platforms and suppliers, what steps can retailers take to ensure their wider digital ecosystem is secure?

Retailers can enhance the security of their wider digital ecosystem by implementing a robust third-party risk management programme and minimising each supplier's access to sensitive data to what its role requires. They should conduct a thorough risk assessment of their suppliers, understand any history of security incidents, set clear security requirements in contracts and perform regular assessments of their supply chain.

What up-and-coming cybersecurity challenges will retailers face over the next 2–3 years?

Threats are evolving rapidly, especially those leveraging AI. Retailers are increasingly integrating AI to improve personalisation, and attackers are finding new ways to exploit these systems to gain unauthorised access and disrupt operations. Introducing AI into core functions adds new attack surface, and not all retailers are prepared for it. Additionally, the complexity of modern supply chains makes it hard for retailers to maintain visibility and control over potential entry points, which increases their risk.

What should retailers and their CEOs do next about cybersecurity?

Treat cybersecurity as a core business priority – not just an IT issue. It should be embedded into a business’s strategic planning at the highest level.

Being well prepared is not just good practice; it’s a competitive advantage, and CEOs who take a proactive, strategic approach to cybersecurity and invest in it will be better positioned in the long term.


Extracts from this article were used in Retail Sector's article "Retailers at risk: how cyber threats are shaping the future of commerce" and City A.M.'s article "Why M&S, Harrods and the Co-op were hit by cyber attacks".
