It’s a steal: are hackers getting the better of the retail industry?
19th June, 2025 • Online
With complicated supply chains, third-party dependencies and digital sales channels, retailers need to spend more on security.
Cyberattacks on retail: A global threat that can’t be ignored
The Blue Yonder attack is a case study in retail cybersecurity: The Arizona-based company, owned by Panasonic, provides systems for fulfilment, delivery and returns for more than 3,000 major companies across 76 countries and was hit in November 2024. It was also named as a victim of a separate attack via a zero-day vulnerability in a file-sharing program sold by Cleo.
The attack demonstrates the dangers of ransomware, of advanced zero-day attacks, and of the complexity of third-party attacks: Morrisons and Sainsbury’s, two of Britain's largest supermarket groups, as well as many others globally, were affected by a third-party supplier of business-critical software. In turn, that supplier was also hit by an attack executed on a piece of its own third-party software.
So, it’s no surprise that cyber and data risks are what retailers are most concerned about in the next 12 months, according to research by Barclays Corporate Banking and Retail Economics. Of the UK retailers surveyed, 34% said they see cyber and data threats as the biggest risks, with 70% saying they are one of their “top three risks” over the next year.
However, many also view this as something they can feel confident about managing due to investment in technology to safeguard operations. Of those surveyed, 81% of retailers said the business is where it needs to be or ahead of the competition in terms of cybersecurity issues such as ransomware, malware attacks, network security or fraudulent attacks.
Blue Yonder and other attacks like it show that this complacency is misplaced. And to prove it, another 2024 report revealed that 45% of retail businesses were hit by a ransomware attack last year, with more than half of those attacks succeeding in encrypting their data.
It’s not just the big firms who get attacked either. Nearly half of all cyberattacks target businesses with 1,000 employees or less. Even physically small retail operations can have sizeable transaction flows and be attractive targets for hackers.
So, what should retailers be doing to heighten their security? Which technologies are best tailored to their particular needs? And can AI help in the fight against retail cybercrime?
This event will focus on multiple challenges including:
- Implementing best-in-class endpoint device management
- Improve general technical controls including encryption, authentication, and authorization
- Third-party security and interoperability with other parts of the retail ecosystem
- Better risk assessment and business continuity plans
- Develop more coordinated incident response
- Secure a complex and rapidly evolving IT/OT environment