The first half of 2025 has served as a wake-up call for the retail industry. A wave of cyber incidents targeting high-profile retail brands such as Marks & Spencer, Victoria’s Secret, Cartier, and The North Face revealed alarming variations in crisis preparedness, incident response, and resilience. These breaches weren’t just inconvenient; they were disruptive, attracted negative publicity, and, in M&S’s case, legal action.
This recent spate of cyber incidents shows a clear evolution in tactics and targets. Attackers are no longer focused solely on stealing credit card data. Today, they leverage Multi-Factor Authentication (MFA) fatigue, helpdesk impersonation, and compromised third-party vendors to orchestrate highly coordinated ransomware and extortion campaigns, often timed for maximum impact during earnings season or busy trading periods.
While some retailers, like Harrods and Co-op, managed containment effectively, others faced prolonged operational downtime. Victoria’s Secret, for instance, struggled to release regulatory filings on time. M&S’ online shopping was suspended and core IT systems went offline for weeks, which left some shelves empty, resulting in £300m in lost profit and a 15% drop in share value.
The sophistication of these incidents mirrors a broader shift across the last decade.

The retail breaches of 2025 mark a clear shift from the US hacks of the mid-2010s. While both exposed systematic weaknesses, the tactics have evolved.
Despite these differences, incidents from both eras highlight the same underlying risks: complex digital ecosystems, human and third-party exposure, and increasingly sophisticated attackers. The takeaway? Retailers need agile, well-rehearsed cyber strategies to stay ahead.
For retailers, the insurance implications of cyber risk are significant and demand immediate attention. While most standard cyber policies cover incident response, liability for breaches, and loss of profit (BI), gaps remain, particularly for dependent business interruption (DBI) and physical damage caused by cyber events. Operational technologies and Internet of Things (IoT) connected systems, which are increasingly prevalent in retail, risk being left uninsured if current policy frameworks remain unchanged.
The digital battlefield is no longer confined to screens and servers; it now extends to supply chains, automated warehouses, and the devices that power them. The evolution of cyber threats from simple data theft to coordinated operational disruption means that preparing for an attack is no longer just an IT issue; it’s a core pillar of business resilience.
At Price Forbes, we’re committed to helping clients develop cyber insurance strategies that match the complexity of the threats they face, so when the next breach hits, they’re not just protected, they’re resilient. Contact our specialist team today for a comprehensive review of your cyber insurance strategy.