The most common cyber risks in the retail industry

Posted 20/08/19

According to Verizon’s Data Breach Investigations Report, retail is one of the sectors most susceptible to cyber threats. From 2018 to date, the sector suffered a total of 373 incidents or breaches, and those are just the ones that have been recorded. As we move into the second half of 2019, it’s apparent that this industry remains among the top targets for cyber attack.

Retailers have many ‘weak spots’ that cyber criminals are able to exploit, particularly those that also trade online. In fact, it isn’t always specialist cyber criminals that pose a threat; these attacks can also come from inside the organisation. Due to the nature of the retail industry, very large numbers of people are often involved with the organisation, whether internal staff or external customers and businesses, so it can be difficult to determine where threats are coming from.

In this post, we detail where the most vulnerable spots within the retail industry are, the most common cyber threats the sector is targeted with and how best to prevent these incidents from occurring.


Where are the retail industry's most common vulnerabilities?


As a retailer, you will almost certainly have some form of online presence, and whether that presence is transactional or not, simply existing on the web comes with all kinds of risks. This is naturally heightened by having a shoppable website, as you are receiving and storing large volumes of very sensitive data. Regardless of the ecommerce platform and payment systems you use, if these systems are compromised by a cyber criminal or maliciously breached from the inside, this could cause a significant loss of income for your business. You will no doubt also suffer reputational damage, which could in turn reduce your profits as potential customers fear using your services. This could be amplified further by the fines or legal costs you may have to pay as a result of the data you hold becoming compromised.

POS systems

Just like your online payment system, the Point of Sale in your physical store(s) is also subject to compromise. This is even more likely now that till systems are increasingly connected to the internet, wider databases and inventory. This makes it possible for attacks to be carried out remotely, targeting your POS terminals and POS controllers, effectively intercepting payments and taking any data provided by customers. Now that many retailers offer a ‘receipt to your email’ service, hackers are often able to pair payment details with email addresses to further target your customer base.

Not only are your till systems vulnerable to attack, but your card readers are too. This can be done physically by a cyber criminal or malicious insider tampering with the device and implanting a payment card skimmer. A skimmer is able to read the magnetic stripe on a payment card and store or send the data. According to Verizon’s report, this form of attack was particularly common during the introduction of ‘pay at the pump’ gas pumps; however, these incidents are now slowly decreasing.

Malicious insiders

This vulnerability certainly isn’t exclusive to the retail sector, but refers to action taken by people within your organisation to compromise your data or systems. Many members of your organisation will have access to various systems within your business and the ability to leak data, steal data or even shut systems down. Former employees, or employees colluding with outsiders, can also pose these risks to your business if their access isn’t revoked accordingly.

However, insiders aren’t always malicious. Your employees can create risk simply by existing within and using your systems. For example, should an employee open an email from a malicious source and click on a link, your systems can be compromised immediately without any intent on the employee’s part. It’s important to ensure that your employees are fully educated on the risks and vulnerabilities within your organisation, in order to prevent such avoidable incidents.

IT systems 

As a retailer, it’s likely you use various IT systems in the day-to-day running of your business, whether accounting software, warehousing and inventory software, payment systems, email platforms or anything else. Any of these systems is vulnerable to compromise by cyber criminals or malicious insiders, so to avoid such events it is of paramount importance that you regularly carry out a full IT risk assessment. Using any IT system puts you at risk of being hacked, but this becomes even more likely should you integrate your IT systems or, like Marriott, acquire another business and fold its systems into your own. Any threats already within their systems are then passed straight into yours. Ensuring you have the right precautions and a comprehensive cyber risk management strategy in place is important to prevent threats within your systems from going undetected. Undetected cyber threats are far more common than you might think, with many organisations being victims for years before becoming aware.


What are the most common attacks targeting the retail industry today?

From 2018 to date in 2019, the following forms of cyber attack were reported as the most common in the retail industry, according to Verizon’s Data Breach Investigations Report.

Hacking

One of the most common cyber attacks in the retail industry is hacking, whereby customers’ credentials and personal details such as payment details, name and address are stolen and used by the cyber criminal. There are many ‘weak spots’ where this can happen, including databases, web applications, POS systems and even mail.

A recent example of this was the case of British Airways, where 380,000 customers had their data stolen by a hacker who copied their credentials as they entered them into the BA website. This data was then sold on the dark web, and BA were responsible for compensating any losses suffered by their customers.

Phishing

Phishing refers to an email that appears to be from a person or company you trust, such as your bank or somewhere you regularly shop. These emails are becoming more sophisticated and can trick you into thinking the guise is real and trustworthy. They often contain malicious content, such as encouragement to provide your sensitive data, or links and attachments that will download malware onto your device and infect your network.

This has commonly been seen where email threads are intercepted by a hacker who then perfectly replicates emails you have previously received and know to be trustworthy. For example, in 2017 a couple were tricked into transferring £120,000 by bank transfer to a cyber criminal who had been monitoring emails between them and their solicitor. Your customers may be susceptible to this risk if your email accounts become compromised.

Malware

Malware is a malicious file downloaded to your device that goes on to compromise the device and your network. It comes in many forms, but the one that has most commonly affected the retail sector in recent years is ransomware. This is where files, databases and apps are compromised by a hacker who then locks you out of your systems, with the threat that if you do not pay a ransom, your files will be deleted and your data leaked.

Misuse

As mentioned above, misuse is where employees, whether with intent or not, create a risk to your data and IT systems. It can be difficult to determine whether an employee is likely to carry out malicious behaviour, but there are precautions that should be taken. For example, ensure employees are only given access to the systems essential for their day-to-day job, be sure to remove all former employees from your systems, and educate your employees regularly on new forms of cyber attack and how to be vigilant.
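The two precautions above (least-privilege access and prompt revocation of leavers’ accounts) can be turned into a routine access review. The following is an added example, not code from the original post; the HR roster, the role-to-system policy and the account export are all constructed for illustration.

```python
"""Access review: flag leavers who still hold logins, and live staff with
logins on systems their role does not require. All data is constructed."""
from datetime import date

# Constructed HR roster: employee id -> (role, leaving date or None)
HR_ROSTER = {
    "e001": ("store_assistant", None),
    "e002": ("accounts", None),
    "e003": ("warehouse", date(2019, 6, 30)),    # left in June
    "e004": ("store_manager", None),
    "e005": ("warehouse", date(2019, 12, 31)),   # notice given, still employed
}

# Constructed policy: which systems each role genuinely needs
NEEDED_BY_ROLE = {
    "store_assistant": {"pos"},
    "store_manager": {"pos", "inventory"},
    "accounts": {"accounting", "payments"},
    "warehouse": {"inventory"},
}

# Constructed account export: system -> set of employee ids with a login
ACCOUNTS = {
    "pos": {"e001", "e003", "e004"},
    "inventory": {"e003", "e004", "e005"},
    "accounting": {"e002"},
    "payments": {"e002", "e001"},
}

REVIEW_DATE = date(2019, 8, 20)  # the day the review is run


def review_access(roster, policy, accounts, today):
    """Return (stale, excess) as sorted lists of (employee, system).
    stale: logins held by leavers (or ids unknown to HR) -> revoke now.
    excess: logins held by live staff beyond their role's needs -> review."""
    stale, excess = [], []
    for system, users in sorted(accounts.items()):
        for emp in sorted(users):
            record = roster.get(emp)
            left = record[1] if record else None
            if record is None or (left is not None and left <= today):
                stale.append((emp, system))
                continue
            if system not in policy.get(record[0], set()):
                excess.append((emp, system))
    return stale, excess


if __name__ == "__main__":
    stale, excess = review_access(HR_ROSTER, NEEDED_BY_ROLE, ACCOUNTS, REVIEW_DATE)
    for emp, system in stale:
        print(f"REVOKE: leaver {emp} still has a login on {system}")
    for emp, system in excess:
        print(f"REVIEW: {emp} holds {system} access not needed for their role")
```

Run against a real HR export and identity-provider export, the same check gives a repeatable leavers and least-privilege report rather than a one-off clean-up.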

A recent example of this type of attack was seen when an EE customer was stalked by her ex-boyfriend, who worked for the company. He was able to access her personal data without permission, intercept the use of her phone, acquire her account details, payment details and home address, and even impersonate her to retrieve documentation.

Denial of Service (DoS) attack

This is where networks, systems and websites are rendered unusable, resulting in loss of income and reputational damage. When an ecommerce site suffers downtime, profits are obviously lost, but it also causes customers to become wary of the retailer and distrust their services. There are also attacks designed to overwhelm systems, much as if the server had simply become too busy, which slows performance or interrupts it entirely. This again causes a loss of revenue and, at best, irritates customers trying to use the site.


How can you avoid these attacks?

There are many measures you can take to protect your business from falling victim to these highly common threats. Ensure that you have a cyber risk management strategy in place, whereby you regularly audit all of your systems, carry out regular scans for viruses or malware, and protect devices with encryption.

Even when taking the utmost precautions, hackers and cyber criminals are becoming increasingly sophisticated in their approaches, and sometimes they can still break through. It’s important that, in the event this does happen, you have a cyber insurance policy in place to ensure you are covered for any profits lost, costs incurred and reputational damage. According to a report by SecurityToday, the global average cost of a data breach is $3.86 million, up 6.4% from 2017. Don’t set yourself up for a loss: get in touch with us today to discuss the right cyber insurance policy for you.




Latest News from Ashley Page
