top of page

What cyber threats do retailers face?

After a tough 20 or so months for retailers, the extra footfall through the shop doors, whether physical or digital, is fantastic and more than welcome. However, that increase also presents an opportunity for cybercriminals to strike and launch their attack.

So, with that thought firmly in mind, The East Midlands Cyber Resilience Centre is warning retail businesses to step up their cyber security ahead of Black Friday and Cyber Monday, two of the busiest days of the year for retail and online stores, and then beyond into the festive season.

Why are we telling you this? Well, here are some stats and facts:

  • 16% of UK retailers said they had experienced a cyber-attack or an attempted attack every day according to recent research from Zynstra.

  • 98% of UK businesses are now operational online in one way or another, benefiting hugely from the use of online websites, social media accounts, online banking, and with the ability for customers to shop online and therefore shop 24/7. It is therefore no surprise that cybercrime is trending upwards.

  • Online shopping surged 30% amid the pandemic and in the run-up to Christmas 2020. 70% of shoppers bought goods online - significantly higher than the 55% in 2019. It is highly anticipated that this will increase again this festive season, following numerous news stories warning the public about stock shortages for items like festive food and gifts.

  • Last month, supermarket chain Tesco announced that their website and app were offline after a deliberate attempt was made to disrupt their services. In a similar incident, Costco suffered a data breach after finding a payment card skimming device had been set up in one of its warehouses.

Check out this quick video produced by our colleagues at the North East Cyber Resilience Centre for a visual representation...

So what cyber-attacks do retailers face? How can I combat these threats?

Point-of-Sale (POS) attacks

Point-of-sale (POS) cyber-attacks are a popular type of cyber-attack in the retail industry. POS attacks take place when malicious malware is installed on systems used to take payment so that the credit card details are stolen when it is used. This type of attack was used to attack American retail store Target, from this attack they recorded the theft in the region of 40 million customers debit and credit card records.

We recommend your staff periodically check your Point-of-Sale (POS) devices;

  • Look for anything loose, crooked, damaged, or scratched. Remove any card reader if you notice anything unusual. Make sure you are training all your employees to be on the lookout for these signs.

  • Be on higher alert in tourist areas or large shopping centres during busy shopping hours as there are popular targets.

  • Remember to keep your POS software up-to-date by installing software updates, which often contain important security patches implemented as a result of newly discovered vulnerabilities.

Insider threat

Given their relatively high staff turnover and use of seasonal workers, retailers also face a threat from employees. Often those who launch insider threat attacks are disgruntled current or ex-employees who are looking to cause trouble for the employer, whether this is financially or reputationally.

These types of attacks are often less technical and are usually able to take place when access has not been revoked or when a device containing sensitive information has been stolen and published online.

In a survey by the Ponemon Institute, over half of respondents admitted to taking information from a previous employer and 40% of those intended to use it in a new job. With lots of turnovers and seasonal workers, former or disgruntled employees can compromise data just by copying information onto a USB and walking out the door.

Remember your Supply Chains

As retailers, you will rely on a vast supply chain network to keep business and stock moving, but with the increased use of digital communications (email, WhatsApp and more) and cloud computing, your supply chain has become a common attack surface.

Your supply chain will be made of a network of vendors that support different aspects of your business. They are vulnerable because it’s common for vendors to have a small security budget or knowledge than you as a retailer. Even you as a retailer are fully compliant and secure, one vulnerable access point from your supply chain could lead to a massive problem that the retailer is ultimately responsible for.

One way to improve cybersecurity in the retail industry and avoid common POS problems is to have service level agreements (SLAs) between retailers and your vendors. These agreements set terms for how each party will conduct themselves, who will respond to issues, troubleshoot, and clarify expectations and goals. SLAs can be very helpful in keeping both retailers and vendors accountable to prevent security issues and any tension that can arise.


The state of ransomware in retail 2021 survey showed that 44% of all retail businesses were hit by a ransomware attack. Ransomware is a major type of attack retailers face, especially around key times of the year like Black Friday and the lead up to Christmas.

A ransomware attack sees cybercriminals put a halt on operations until the business pays the ransom, this type of attack usually costs a business a significant amount of money and can impact customer confidence.

Social media and business email compromise

Through its very nature, social media allows us all to share large amounts of information about ourselves online. Whether it’s a picture of your pet with their name and birthday or your job title and employers’ details, these are all golden nuggets for cybercriminals who are looking to gain unlawful access via employees who may have admin permissions to business systems.

The information posted on social media effectively forms clues for hackers and these clues could be used to obtain passwords or impersonate business users. One method often seen is when online accounts allow users to reset passwords if they enter a security question, the answers to this question is given away by the user’s social media posts. Once they have the answer to this question, they can reset the password and gain access whilst also locking the account owner out.


Phishing is the principle of hooking something valuable. It targets your employees who may be contacted via email, telephone or SMS by cybercriminals posing as a legitimate person or organisation. The fraudulent company or individual will lure employees into providing sensitive data such as personal information, banking and credit card details, and passwords.

Website application attacks

In this type of attack, hackers will exploit any vulnerabilities presented on the website that’s been targeted. These vulnerabilities include outdated software in the architecture and those in the platform used to create the website (the CMS). If updates are not installed and outdated software is not properly managed, these elements present opportunities for attacks to enter a business’s website and associated systems to potentially cause a catastrophic data breach.

To combat Website application attacks, we recommend a Web App Vulnerability Assessment. This service assesses your website and web services for weaknesses. We can assess the top 10 security risks to your website and attempt to identify any vulnerabilities.

Our report can then describe in plain language, what each weakness means to your business and the risks associated with each vulnerability. And give you a plan and guidance on how to fix those vulnerabilities. Contact us today to learn more.

How can the East Midlands Cyber Resilience Centre help me to avoid becoming a victim of one of these cyber-attacks?

To help, the East Midlands Cyber Resilience Centre has been established to provide businesses of all shapes and sizes with an affordable way to access cyber security services designed to help improve cyber resilience.

  • We offer a free information pack full of guidance, insights and information about what to do should you become a victim of cyber crime.

  • Free monthly newsletters containing updates on new threats and scams designed to help you stay safer.

  • Affordable cyber security services, from web asessments to staff awareness training.

  • We have access to 12 Cyber Essential Partners - essentially companies with vast technical knowledge who can help you in the event of an attack. We act as an impartial broker, referring you to a company who is best equipped to deal with your incident response measures. Our Cyber Essentials Partners are also official providers of Cyber Essentials and Cyber Essentials Plus Certification. Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page