top of page

The State of Cybersecurity in Retail

Pondurance
December 1, 2022

Most industries are learning to navigate new operations post-pandemic. To respond to shoppers’ needs, many retailers are offering a mix of brick and mortar and e-commerce stores. But as retail businesses expand, so does the attack surface. Every single outlet, store, website, and social media account is a potential target.

Here are cybersecurity statistics on the retail industry that may or may not surprise you, as well as helpful resources for your retail business:


Most cyberattacks in the retail industry are financially motivated

The retail industry experienced 629 confirmed incidents and 241 breaches with confirmed data disclosures in 2021, according to Verizon’s 2022 Data Breach Investigations Report. Of these attacks, 98% were financially motivated. 


Retailers collect valuable data like consumer information and payment card data, making them prime targets for bad actors. Now, the introduction of contactless payment and more online buying options has created an expanded attack surface, making it increasingly challenging for retailers to protect customer data. Find out why many retailers are turning to managed detection and response (MDR) services to defend against cyberattacks and learn what MDR services can do for your retail business.


The retail industry experienced its highest rate of ransomware attacks

The retail industry experienced its highest rate of ransomware attacks last year, reporting a 75% increase over the previous year. In all, 77% of retail businesses were hit by a ransomware attack in 2021, up from 44% in 2020. 


The growing threat of ransomware is an unsettling trend for retailers. Threat actors exploit vulnerabilities in retailer networks to install ransomware, encrypt systems, and freeze transactions until the retailer pays a ransom, leading to huge financial losses and damage to the retailer’s reputation.


Educating your employees and implementing cyber hygiene practices are critical to reducing human error, but investing in the right cybersecurity tools, hiring highly trained cybersecurity analysts, and implementing 24/7 monitoring are key to mitigating ransomware attacks. Find out what motivates cybercriminals and how you can reduce ransomware attacks.


The shortage of skilled cybersecurity workers is impacting the retail industry

An estimated 4.1 million people work as cybersecurity professionals worldwide, including 1.14 million U.S. workers, yet the workforce must increase by 65% to defend against cyber threats, according to the (ISC)2 2021 Cybersecurity Workforce Study. 


Technology alone cannot stop motivated attackers. Modern MDR providers know that human attackers must be confronted by human defenders. Though technology is important, 24/7 detection and response paired with skilled threat hunters to manage alerts is the only way to protect your business. 


Small and midsize businesses have a particularly difficult time keeping talent due to limited budgets and fewer opportunities for advancement, according to a Forrester study. As a result, many retailers rely on external partners to provide around-the-clock protection. Check out the Forrester study to learn how businesses are evolving their cybersecurity practices and operations to alleviate the cyber talent shortage.


More internet-connected devices are being used in retail businesses

Over 84% of businesses use Internet of Things (IoT) devices, but less than 50% of them have taken the necessary steps to secure these devices. While these devices bring many benefits to the retail industry, they also pose serious threats that businesses must work to minimize. 


The pandemic shifted many retailers’ strategies and sped up digitization, namely through the integration of IoT devices. However, none of the potential gains from IoTs will be realized if the devices, communications, and data are not secured. IoT security must be a pivotal piece of the design of any IoT implementation and should be considered as a foundation of the overall solution. Learn how to evaluate IoT devices and discover the best practices for integrating them into your business.


Social attacks are the most common threats to retailers

Social attacks, like phishing and pretexting, have been on the rise over the last few years in the retail industry, up 29% this year


Phishing and social engineering scams are sophisticated and can trick the wariest users if their guard is let down even momentarily. For bad actors seeking valuable credit card and payment data, these attacks are one of the easiest ways to gain access to your system. One of the best ways to prevent phishing is to train your employees on how to recognize a phishing email.


Most retail organizations lose revenue due to ransomware attacks

Over 90% of retail businesses hit by ransomware reported that the attack impacted their ability to operate, while 89% reported that the attack caused them to lose business or revenue


The greatest threat to retail organizations is operation shutdown and loss of revenue. As ransomware attacks on retailers continue to rise, so does the average ransomware payout. Opportunistic attackers are capitalizing on this fact, and targeting individual retail stores and small chains.


One of the main ways bad actors gain access to networks is through compromised domain controllers. While there is no single “silver bullet” that will fully protect your business from all ransomware, protecting your domain controller is a critical step to mitigating your risk.


Retailers face significantly more threats during the holiday season

Cybersecurity should always be top of mind, but it’s especially critical during the holidays. Last year’s holiday sales grew 14%, reaching $886.7 billion, while e-commerce fraud attempt rates rose by 19%


In today’s cyber environment, threats pose a challenge for every industry, and retailers are on the hit list for bad actors, especially during the holidays. Training your employees on the best security awareness practices and staying on top of compliance requirements are important but not always enough to combat today’s cyber threats. Read this blog, Retailers Prepare for the Holiday Season — and Cybersecurity Threats, for common threats to retailers and ways to boost your defenses during the holiday season.


Cryptojacking attacks are on the rise

Cybercrime is a profitable business for threat actors, with a cost that is growing 15% year over year and is expected to reach more than $10.5 trillion by 2025


Bad actors can generate huge sums of money very quickly by infecting an e-commerce or retail business. While malware is commonly the gateway to cryptojacking attacks, other common vectors include brute force attacks, exploited software vulnerabilities, and infected plug-ins. As long as malicious scripts can run local commands on a machine, attackers can use this access to start mining cryptocurrency. But your retail business can fight back by learning ways to identify and prevent cryptojacking attacks.


More businesses are seeking and achieving PCI DSS compliance

The percentage of businesses maintaining full compliance improved from a low 27.9% in 2019 to 43.4% in 2020, according to Verizon’s 2022 Payment Security Report


Every organization working with cardholder data (CHD) must implement security policies, technology, and processes to ensure its systems are protected from breach and theft of CHD. With the rise in cyberattacks on every industry, many retailers are seeking help to maintain full compliance and combat these threats. Find out how to identify areas of risk and maturity related to Payment Card Industry Data Security Standard (PCI DSS) compliance at your retail business.


These statistics highlight some of the many challenges retailers face in the current threat landscape. Use these statistics and resources to acknowledge cyber lessons learned and take steps to improve your own security posture.


Learn how Pondurance retail services can integrate with the team and technology at your brick-and-mortar or e-commerce business to strengthen your cybersecurity posture and protect against cyber threats.

Keep Reading

bottom of page