Securing a moving target: can CISOs keep up with retail innovation? 

16th June, 2026 • Online

In a hyper-connected, hyper-competitive sector, how can security teams keep the business safe without shutting it down?

Securing innovation, securing Al, keeping the customer 

After 2025, what do retailers face in 2026? Not just more of the same, but increasingly sophisticated, Al-driven attacks on hyper-connected supply chains and their own agentic Al systems. 

Retailers have always had to deal with one of the most difficult cybersecurity challenges: retail is at the cutting edge of innovation in everything from payments to virtual reality clothes try-ons. But in a hyper-competitive sector where customer behaviours force constant adoption of the latest tech, security teams can find it almost impossible to keep up. 

2026 will be no different. Agentic Al is redefining retail right now. Unlike traditional automation or generative Al, these autonomous systems don't wait for prompts - instead, they plan, act and learn continuously. Agentic Al monitors data, spots opportunities and executes tasks within set parameters. For consumers, this means a shift from passive browsing to proactive, personalised shopping. Platforms like Google and Microsoft now offer 

Al agents that compare prices, build baskets and even complete purchases with consent.

Behind the scenes, retailers are using the technology to optimise inventory, adjust pricing in real time and detect issues before they escalate - freeing teams to focus on strategy and boosting margins. Analysts forecast agentic commerce could generate $3-5 trillion in retail value by 2030, accounting for up to 20% of e-commerce spend. 

Social-commerce platforms go one step further, analysing behaviour to surface the right product at the right time. This has fuelled a sharp rise in channels like TikTok Shop, an in­-app e-commerce feature that lets users buy products directly within the app, which saw its sales increase 55% year-on-year in the UK in December 2025. 

For retailers, the challenge is clear: adapt fast or risk falling behind in an Al-orchestrated marketplace. 

So, how to secure this latest surge of new technology while you probably haven't finished ensuring that existing systems are as secure as they could be? And how serious is the threat to these new systems from external attackers, including those using offensive Al? And how well are security vendors incorporating Al into their products to help? 

It's clear that retailers that treat cybersecurity as a core business function, aligning security with their insurance policies and business operations, will be better positioned to navigate these intensified threats. What is not so clear is what retailers should do to make that ideal a reality. 

They need partners. They need help from their peers. And they need a trusted space to find them. That's why we are running the e-Crime & Cybersecurity Retail Summit. 

The e-Crime & Cybersecurity Retail Summit will take place online and will look at how cybersecurity teams are tackling these challenges. Join our real-life case studies and in-depth technical sessions and help make manufacturing secure. 

The Securing Retail Summit will cover critical topics such as...

Achieving visibility across ecosystems
From exposed initial access points such as warehouse management systems to complex machine control software, simply understanding your device and application landscape is a huge challenge. Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that? 

Data integrity a critical priority
In Al-powered retail, corrupted data equals corrupted decisions. Pricing engines, demand forecasts and recommendation systems are only as trustworthy as their inputs. CISOs must prioritise data lineage tracking, tamper detection, pipeline validation and cryptographic integrity controls across analytics and Al workflows.

Defending against the latest ransomware variants 
Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes. The threat and the actors are constantly evolving and that evolution is forcing the hands of government and causing havoc in the insurance market. What can CISOs do to better defend against ransomware? 

Securing Agentic Al 
Agentic systems don't just generate content - they act. CISOs must address model manipulation, prompt injection, data poisoning, tool-chain abuse and privilege escalation within Al agents executing transactions. Governance must extend beyond ML pipelines into runtime controls, behavioural monitoring and kill-switch design.

Why zero trust, isolation and segmentation are key 
Retail ecosystems now include logistics APls, fintech integrations, marketplace sellers, social-commerce platforms and Saas pricing engines. Each connection expands attack surface. Continuous third-party risk scoring, API security testing, software bill of materials (SBOM) validation and zero-trust segmentation become foundational, not optional. 

From Analysts to Al Supervisors 
Retail security teams cannot scale headcount at the pace of digital transformation. The future SOC blends automation engineers, detection scientists and Al risk specialists. Peer collaboration, shared intelligence and trusted industry forums become force multipliers in defending fast-moving retail environments. 

Making the best use of threat intelligence 
In a pre-emptive security model, timing is everything - success depends on detecting and neutralizing threats before they become active incidents. To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). They need external, real-time context about emerging threats - where do they get it? 

Security Posture Management 
Traditional vulnerability scanners don't handle cloud native architectures well. Today's cloud environments spin up thousands of ephemeral assets without a traditional OS, without an IP address for long. So how do you adapt to that dynamic, APl-driven reality? How can traditional tools connect the dots - not just generate tickets? 

Improving continuous attack surface discovery 
You need to know what attackers can see and what they can actually attack -and you need it on a continuous basis, not in some static inventory. Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. Is this feasible and is it cost effective? 

The power of automation 
There's too much manual intervention in security. SOAR pulls data from SIEMs, EDRs, firewalls, cloud APls, ticketing systems threat intelligence feeds, and even email servers and coordinates actions across tools via APls and prebuilt integrations and intelligent playbooks. Well, that's the theory. How does it work in the real world? 

Adversary simulation and behavioural analysis 
Automated adversary simulation identifies telemetry blind spots. They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security ROls as well as providing board and audit reporting. How well do they work in practice? 

Dealing with regulations 
CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help?