top of page

What Cyber Threats do Retailers face?

After a tough 18 months for retailers, the extra footfall through the shop doors whether physical or digital is fantastic. However, the increase also presents an opportunity for cybercriminals to strike and launch their attack.

The Cyber Resilience Centre for the West Midlands is warning retail businesses to step up their cyber security ahead of Black Friday and Cyber Monday, two of the busiest days of the year for retail and online stores.

16% of UK retailers said they had experienced a cyber-attack or an attempted attack every day according to recent research from Zynstra.

98% of UK businesses are now operational online in one way or another, benefiting hugely from the use of online websites, social media accounts, online banking, and with the ability for customers to shop online and shop 24/7, it is to no surprise that cybercrime is trending upwards.

Online shopping surged 30% amid the global pandemic and in the run-up to Christmas 2020. 70% of shoppers bought goods online - significantly higher than the 55% in 2019. It is highly anticipated that this will increase again this festive season, following numerous news stories warning the public about stock shortages for things like festive food and gifts.

In October of 2021, supermarket chain Tesco announced that their website and app were offline after a deliberate attempt was made to disrupt their services. In a similar incident, Costco suffered a data breach after finding a payment card skimming device had been set up in one of its warehouses.

What cyber-attacks do retails face? How can I combat these threats?

Point-of-Sale attacks

Point-of-sale (POS) cyber-attacks are a popular type of cyber-attack in the retail industry. POS attacks take place when malicious malware is installed on systems used to take payment so that the credit card details are stolen when it is used. This type of attack was used to attack American retail store Target, from this attack they recorded the theft in the region of 40 million customers debit and credit card records.

We recommend your staff periodically check your Point-of-Sale (POS) devices;

  • Look for anything loose, crooked, damaged, or scratched. Remove any card reader if you notice anything unusual. Make sure you are training all your employees to be on the lookout for these signs.

  • Be on higher alert in tourist areas or large shopping centres during busy shopping hours as there are popular targets.

  • Remember to keep your POS software up-to-date by installing software updates, which often contain important security patches implemented as a result of newly discovered vulnerabilities.

Insider threat

Given their relatively high staff turnover and use of seasonal workers, retailers also face a threat from employees. Often those who launch insider threat attacks are disgruntled current or ex-employees who are looking to cause trouble for the employer, whether this is financially or reputationally. These types of attacks are often less technical and are usually able to take place when access has not been revoked or when a device containing sensitive information has been stolen and published online.

In a survey by the Ponemon Institute, over half of respondents admitted to taking information from a previous employer and 40% of those intended to use it in a new job. With lots of turnovers and seasonal workers, former or disgruntled employees can compromise data just by copying information onto a USB and walking out the door.

Remember your Supply Chains

As retailers, you will rely on a vast supply chain network to keep business and stock moving, but with the increased use of digital communications (email, WhatsApp and more) and cloud computing, your supply chain has become a common attack surface.

Your supply chain will be made of a network of vendors that support different aspects of your business. They are vulnerable because it’s common for vendors to have a small security budget or knowledge than you as a retailer. Even you as a retailer are fully compliant and secure, one vulnerable access point from your supply chain could lead to a massive problem that the retailer is ultimately responsible for.

One way to improve cybersecurity in the retail industry and avoid common POS problems is to have service level agreements (SLAs) between retailers and your vendors. These agreements set terms for how each party will conduct themselves, who will respond to issues, troubleshoot, and clarify expectations and goals. SLAs can be very helpful in keeping both retailers and vendors accountable to prevent security issues and any tension that can arise.


The state of ransomware in retail 2021 survey showed that 44% of all retail businesses were hit by a ransomware attack. Ransomware is a major type of attack retailers face, especially around key times of the year like Black Friday and the lead up to Christmas.

A ransomware attack sees cybercriminals put a halt on operations until the business pays the ransom, this type of attack usually costs a business a significant amount of money and can impact customer confidence.

Social media and business email compromise

Through its very nature, social media allows us all to share large amounts of information about ourselves online. Whether it’s a picture of your pet with their name and birthday or your job title and employers’ details, these are all golden nuggets for cybercriminals who are looking to gain unlawful access via employees who may have admin permissions to business systems.

The information posted on social media effectively forms clues for hackers and these clues could be used to obtain passwords or impersonate business users. One method often seen is when online accounts allow users to reset passwords if they enter a security question, the answers to this question is given away by the user’s social media posts. Once they have the answer to this question, they can reset the password and gain access whilst also locking the account owner out.

Phishing Phishing, not to be confused with fishing and being stood on a riverbank with bait and a rod, it’s the principle of hooking something valuable. Phishing is when your employees are contacted by email, telephone or SMS by cybercriminals posing as a legitimate person or organisation. The fraudulent company or individual will lure employees into providing sensitive data such as personal information, banking and credit card details, and passwords. Website application attacks In this type of attack, hackers will exploit any vulnerabilities presented on the website that’s been targeted. These vulnerabilities include outdated software in the architecture and those in the platform used to create the website (the CMS). If updates are not installed and outdated software is not properly managed, these elements present opportunities for attacks to enter a business’s website and associated systems to potentially cause a catastrophic data breach. To combat Website application attacks, we recommend a Web App Vulnerability Assessment. This service assesses your website and web services for weaknesses. We can assess the top 10 security risks to your website and attempt to identify any vulnerabilities. Our report can then describe in plain language, what each weakness means to your business and the risks associated with each vulnerability. And give you a plan and guidance on how to fix those vulnerabilities. Contact us today to learn more. How can The Cyber Resilience Centre for the West Midlands help me to avoid becoming a victim of one of these cyber-attacks? To help, the Cyber Resilience Centre for the West Midlands (WMCRC), has been established to provide businesses of all shapes and sizes, with an affordable way to access cyber security services designed to help improve cyber resilience. We offer a free core membership to businesses in the West Midlands, becoming a member will enable you to receive a welcome pack full of practical resources and tools, designed to help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer. Sign up via or get in touch with us to receive a one-to-one consultation to see how we can support your business.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page