Retail Sector Cyber Threat Analysis

Following a string of high-profile attacks on UK retailers, the National Cyber Security Centre (NCSC) is urging organisations operating within the sector to increase their cyber security vigilance.

The UK retail sector has seen a surge in ransomware attacks, with a 74% increase in Q1 2025. Explore our industry-leading cyber security solutions and find out how we can secure your organisation today.

The UK Retail Sector is Being Targeted.

Globally, the retail sector accounted for nearly 18% of all data breaches in the first half of 2025, showing a notable increase from the previous year. 

In the UK, retail cyber incidents surged by 34% compared to 2024, with large high street and online retailers reporting ransomware, payment fraud, and third-party compromise. 

+ Marks & Spencer Cyber Attack

M&S recently confirmed a cyber incident on April 22nd 2025. The UK retail giant has seen a £650 million drop in market value since the attack, along with stock shortages, loyalty programme disruptions, suspended e-commerce operations and disrupted contactless/card payments. This attack has been linked to the Scattered Spider hacking collective, with the fallout still ongoing.

+ Co-op Ransomware Attack

Similarly, UK-based retailer Co-op recently fell victim to a ransomware attack, which temporarily disabled supply chain operations and self-checkout systems and caused some IT systems to go offline. Attackers accessed the network using stolen VPN credentials. Recovery from the attack was completed within 72 hours.

+ Harrods Phishing Breach

In the most recent cyber incident to hit British retail, Harrods department store in London was hit with a phishing-led intrusion. Attackers gained access to its network, and the breach led to the attempted exfiltration of internal POS system data. Some backend systems were also temporarily suspended.

Retail Sector Threat Trends:

Our cyber analysts have been analysing a shift in attacker motivations within the retail sector, with a notable increase in espionage-motivated attacks. While retail cyber threats were traditionally driven by financial motives, it appears that attackers are now increasingly moving to prioritise easier-to-access data exfiltration and espionage.

Retail Attack Methods

Our analysis has identified that system intrusion, social engineering and basic web application attacks represent 93% of breaches in the sector.

Threat Actors in Retail

Around 96% of breach attempts are launched by external threat actors, with around 3% of retail breaches coming from within the organisation, and only 1% from partner organisations.

Data Compromised During Retail Breaches

Of the data compromised in retail breaches over the past year, 65% was internal data from within the retailers themselves, 26% was credential data such as email addresses, passwords and login information, and 12% was payment data such as card and bank details, mainly of customers. 30% was designated as “other”.

Threat Actor Motives in Retail

Our cyber analysis shows that whilst financial motivation still accounts for almost all retail breaches, espionage-based attacks have risen from 1% last year to 9% this year, representing an 800% increase.

What Methods Are Being Employed By Attackers?

+ Phishing Attacks

Phishing attacks employ deceptive emails, text messages or website links to try to trick individuals into revealing sensitive information like passwords or payment information.

Responsible for around 65% of retail breaches, phishing remains the most common attack vector.

+ Credentials & Account Takeovers

Accounting for just over half (55%) of all breaches, compromised accounts and takeovers from leaked employee credentials are another leading attack vector that cyber criminals are using to attack organisations across the UK retail sector.

+ Ransomware Attacks

Ransomware is malicious software that encrypts a victim’s data and demands a ransom for its release.

Retail ransomware attacks surged by 74% during the first quarter of 2025.

+ Supply Chain Attacks

This type of attack shifts the focus to a supplier or service provider who operates within the supply chain of the main target, potentially causing sustained damage and costing millions in revenue disruption. 60% of retail breaches originate from vulnerabilities in third-party vendors.

How PureCyber Will Secure Your Organisation:

Comprehensive, 24/7 Active Threat Protection - Our combined cyber security solutions offer you a complete package of 24/7 protection, proactive threat intelligence, expert consultancy & real-world attack simulations to ensure you are prepared, compliant and secure.

Only need a particular service? Our team of expert cyber security and governance specialists will work alongside your organisation to offer support across a range of services:

Managed SOC Services:

From 24/7 Security Operations Centre (SOC) monitoring, to Threat Exposure Management (TEM), Vulnerability Scanning, Managed Detection & Response/Endpoint Protection, Phishing Simulations, Breach Monitoring and Incident Response, we have all the managed cyber security solutions you need to keep your network secure - safe in the knowledge that your systems are being monitored and protected by an expert team of cyber professionals.

Penetration Testing:

Identify potential vulnerabilities and weaknesses in your network/systems with Application Testing, Infrastructure Testing, Red Teaming & IT Health Checks. Our CREST certified team of penetration testers will push your network security to its limits, remediating vulnerabilities and offering insight into the health of your IT environment.

Governance Support:

Ensuring your organisation is compliant with regulatory requirements and expectations is the backbone of your organisational cyber security. As an NCSC Certified Assurance Provider, our consultancy services offer guidance and support in improving organisations' cyber policies, achieving accreditations, auditing cyber posture and approach, and reaching compliance standards.

Our certified team of Lead Auditors, Lead Implementors, and CISSP consultants are here to guide and support you on all aspects of your cyber security compliance needs, including consultancy on CE, CEP & IASME, ISO27001, Incident Response Simulation, Cyber Security Audits, vCISO & Awareness Training.
