Commerce & retail
Cyber attacks are surging across the retail sector, and this may just be the beginning. Discover why retail cybersecurity is now a board-level issue and what leaders must do to avoid becoming the next headline.
The global retail industry is at a tipping point. A growing wave of cyber attacks is sweeping through the sector, raising serious concerns about the industry’s cyber hygiene and resilience. Once seen as a lower-priority target, it is now squarely in the crosshairs of sustained assaults that may lack sophistication but are devastatingly effective.
In April alone, established brands including Marks & Spencer, Co-op, Harrods, Victoria’s Secret, Dior, and Adidas, found themselves at the receiving end of cyber intrusions. More recently, in June, the list expanded to include United Natural Foods, Cartier, and The North Face.
These incidents form only the visible tip of a much larger, evolving threat landscape. Copycats are likely already circling. So, the retail industry faces a choice – invest in robust cybersecurity and protect your customers' trust, or risk a strategic crisis that jeopardises your entire business.
As a retail leader, we believe it’s time for you to act decisively. That means modernising legacy systems, strengthening identity and access controls, thoroughly vetting third-party relationships, and preparing your workforce to handle emerging threats like deepfakes.
Cybersecurity can no longer be siloed in IT, it must become a core strategic pillar of retail operations. Keep reading to discover our perspective on the essential steps retailers must take now to build resilience and avoid becoming the next victim.
The recent wave of attacks is not an isolated surge but part of an ongoing trend that we believe will only accelerate and spread to other industries. As cyber attackers grow more emboldened and copycat behaviour increases, retailers must understand who they’re up against and how these groups operate.
Several of the recent attacks have been attributed to Scattered Spider, a Threat Actor (TA) known for its methodical infiltration techniques. Unlike opportunistic hackers who exploit technical vulnerabilities, Scattered Spider typically spends time researching its victims and leveraging social engineering tactics, particularly against IT departments. By impersonating trusted insiders, the group deceives employees into surrendering valid login credentials. Evidence suggests the group may have compromised hundreds of organisations in just the past 2 years.
Once access is gained, Scattered Spider typically deploys Dragonforce ransomware, a commercially available Ransomware-as-a-Service (RaaS) tool. By outsourcing the malware component, the group prefers to focus on reconnaissance, initial access, and lateral movement within the network. Victims are then presented with ransom demands, payable in cryptocurrency.
To better understand the makeup of this TA, recent arrests offer valuable insight. Scattered Spider is not a structured, hierarchical organisation but rather a loosely connected group of individuals - primarily young (under-25) native English speakers, based in the US and UK. This linguistic and cultural alignment gives them an advantage when impersonating employees and maneuvering through Western corporate environments with alarming ease.
The consequences of a cyber attack in the retail sector extend far beyond the IT department. These incidents strike at the core of consumer trust, disrupt operational continuity, and pose serious financial risks. The damage is often swift, far-reaching, and costly.
Many retailers report reputational harm in the aftermath of a cyber attack. According to Statista, 56% of consumers will not trust a company that has recently experienced a data breach. This loss of customer trust inevitably leads to a decline in sales and widespread public backlash, especially when sensitive customer data is compromised.
Regulatory fallout is also on the rise. Retailers found to be in breach of data protection laws such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and others can face significant penalties. Under GDPR, fines can reach up to €20 million or 4% of annual global turnover. These penalties are not only financially damaging but also send a clear signal to customers and investors that the organisation failed to uphold its fundamental duty of care.
On the operational front, disruption is often both immediate and severe. In recent cases, impacted retailers had to take their ecommerce platforms offline, suspend in-store transactions, and disable critical internal systems for several days. The global average cost of a data breach stands at $4.9 million. To make matters worse, financial markets respond swiftly and unforgivingly.
When Marks & Spencer was targeted earlier this year, its share price plunged by 6.9%, erasing nearly £700 million in market value within days. To put this into perspective, the company had spent the better part of three years rebuilding investor confidence and adding £3 billion in value through a widely praised turnaround, only to see a quarter of that progress undone in less than a week due to a single cyber attack.
Additionally, the latest analysis by the Cyber Monitoring Centre, estimates the total financial impact of the cyber attacks on M&S and Co-op at between £270 million and £440 million. This figure reflects direct business interruption costs, incident response and IT restoration expenses, as well as legal and notification costs incurred by both retailers.
In a sector already constrained by thin margins and high competition, a single cyber incident can escalate into a full-blown strategic crisis. As such, cybersecurity must become a board-level priority.
The retail sector presents a uniquely challenging environment for cybersecurity and attackers know this. According to Shopify, around a quarter of all cybercrimes are aimed at the retail industry. The sector’s complexity is not just technical, but also deeply embedded in the way the industry functions. Factors that have inadvertently created security vulnerabilities include
In short, the retail sector’s operational complexity, decentralised structure, and thin margins make it especially vulnerable. Without a significant shift in how cybersecurity is prioritised, the sector will continue to be a high-value, low-resistance target.
Identity and Access Management (IAM) must be a foundational priority. Enforce strict access controls and ensure multi-factor authentication (MFA) is implemented, but not via SMS, which are susceptible to sim-swapping attacks.
Follow the principle of least privilege by granting users only the access necessary for their roles and review access privileges regularly for both human and non-human identities to minimise unnecessary exposure.
The surge in cyber attacks targeting the retail sector is not a fleeting trend; it reflects a shifting threat landscape that demands urgent and sustained attention.
As cyber threats become more sophisticated and persistent, traditional defences and reactive strategies are no longer adequate. Retailers must adopt a proactive, strategic approach that encompasses people, processes, and technology.
Cybersecurity can no longer be confined to IT departments or regarded as a routine operational cost. It must be embedded within the fabric of retail operations and championed at the highest levels of leadership. The cost of inaction is loss of trust, regulatory sanctions, operational disruption, and financial harm. This cost is simply too great in the competitive world of retail.
Retailers must begin treating cybersecurity with the same level of rigour as highly regulated sectors like financial services and healthcare.
At Zühlke, we bring deep expertise from complex, highly regulated industries to help retail organisations strengthen their cybersecurity resilience through tailored, end-to-end solutions. Whether you're facing legacy system challenges, third-party vulnerabilities, or need to embed security into your digital transformation, our experts are here to support you.
If you’d like to explore these challenges and solutions further (whether through a virtual session, workshop, or live event) please let us know by filling out the form below. You’ll be among the first to hear about upcoming retail cybersecurity activities and receive an exclusive invitation.
