
Why do cybercriminals target retailers?

The retail industry is responsible for around 16% of the West Midlands economy, making it the largest industry in the region, so the need to protect the region's retailers has never been more prominent.

There are several reasons why the retail industry is of interest to cybercriminals. Some of these include:

  • The large amount of customer data that is collected, particularly through ecommerce and online shopping platforms.

  • Hackers know consumers generally re-use login details for multiple sites.

  • The vast supply chains involved in the operational side of retail and ecommerce present an opportunity for cybercriminals as retailers can't guarantee the cyber security of their suppliers.

  • Being easily exploitable as many retailers don't implement security processes such as two-factor authentication for customers.

  • Being able to exploit customer databases to send phishing emails pretending to be a legitimate business, to send malicious links, or include malware to cause harm to a device.

  • Point-of-sale systems (tills, card payment devices, etc.) present an opportunity for hackers to install malware so they can then record customers' card details and PINs.

A recent cyber attack on Yodel, a delivery and logistics firm for major retailers including the Very Group, led to delays and disruption to customer deliveries. The Very Group contacted their customers to make them aware of the incident and to reassure them that no customer payment or password information had been given to Yodel, meaning it wouldn't have been harvested in the attack against Yodel.

This incident shows the impact a supply chain cyber attack can have. The retail business was not the intended victim of the attack, and having the correct measures in place meant that the customer data wasn't impacted.

How can retailers protect themselves?

To help retailers in the #WestMidlands, we have created five top tips to help protect your business from a cyber-attack.

1. Use strong passwords and store them securely

Passwords are your first level of protection when it comes to securing your online accounts or customer data. Complex passwords can be difficult to remember, which often leads to people choosing weaker passwords or repeating them across multiple accounts.

2. Double up your cyber protection

Two-factor authentication, otherwise known as 2FA, two-step verification or multi-factor authentication, was designed to help stop cyber criminals accessing your accounts even if they obtain your passwords.

Below are instructions on how to turn on 2FA for the most common email systems and for four popular social media channels:

3. Regularly back up your data and isolate it

Think about how much you rely on your business-critical data, such as customer details, quotes, orders, payment details or coursework/examination files for education establishments. Now imagine how long you would be able to operate without them.

4. Update your software and systems

Every piece of software your business uses, whether this be payment transaction software or a digital stock management system, offers the potential for unauthorised access and exploitation. Regularly patching and installing software updates helps to protect your devices, as the updates address newly discovered flaws and vulnerabilities. Cyber criminals use these flaws and vulnerabilities to attack your devices and steal your identity. Software and app updates are designed to fix these weaknesses, and installing them as soon as possible will keep your devices secure.

5. Pay attention to detail

Whilst people can often be the weakest link in the chain, if educated they can become your strongest asset in protecting your business. By training your employees to pay attention to the detail and be able to spot when things don't look right, you will be reducing your chances of becoming a cyber attack victim.

Find out how our security awareness training could help you here.


Improve your business’s cyber security with free membership at the Cyber Resilience Centre for the West Midlands

With this membership, you will receive regular tips and guidance on how to firm up your business’s cyber security. We have already produced checklists for you to follow to help you develop best practices, short and easy-to-follow videos that highlight how to spot the signs of a phishing attack, and many other resources.

Receive your digestible welcome pack when you sign up, and start protecting your business today.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.
