top of page
  • Writer's pictureJared Thompson

What Cyber Threats do Retailers face?

After some tough years for retailers, the extra footfall through the physical or digital shop doors is fantastic. Unfortunately, however, the increase also presents an opportunity for cybercriminals to strike and launch their attack.

The North West Cyber Resilience Centre is warning retail businesses to step up their cyber security ahead of another busy period for retail and eCommerce stores. Don't forget membership is free for retail businesses; sign up today.

16% of UK retailers said they had experienced a cyber-attack or an attempted attack every day according to recent research from Zynstra.

98% of UK businesses are now operational online in one way or another, benefiting hugely from online websites, social media accounts, and online banking. However, with the ability for customers to shop online 24/7, it is no surprise that cybercrime is trending upwards.

Online shopping surged 30% amid the global pandemic and the run-up to Christmas 2020. As a result, 70% of shoppers bought goods online - significantly higher than 55% in 2019. It is highly anticipated that this will increase this festive season again, following numerous news stories warning the public about stock shortages for things like festive food and gifts.

£45 training banner

Cyber Attacks on Retailers Making the Headlines

In October of 2021, supermarket chain Tesco announced that their website and app were offline after a deliberate attempt was made to disrupt their services. In a similar incident, Costco suffered a data breach after finding a payment card skimming device set up in one of its warehouses.

In April of 2022, The Works made the heads when the UK retailer was forced to close some stores, with others forced only to transact using cash after they were faced with a cyber-attack. Many stores then met the knock-on effect of delayed stock arriving and some customers having online orders deliveries arrive much later than promised.

The Works said all debit and credit card transactions were processed outside its systems by third parties, so the attack had not compromised customer payment data. But the company was forced to hire forensic cybersecurity experts to investigate the attackers and didn't know if other data had been accessed.

If your business doesn't have an existing Incident Response plan, we can help you create one. Download our checklist to help prepare for, respond and recover from cyber incidents and ensure you know you're critical commercial and legal implications when dealing with a cyber incident.

In December 2021, supermarket chain Spar was attacked online on its IT systems. This affected around 330 SPAR stores across the North of England, impacting the stores’ ability to process card payments. This attack forced several SPAR stores to close or only take cash payments. The National Cyber Security Centre and Lancashire Constabulary were brought in to investigate the attack.

What cyber-attacks do retailers face? How can I combat these threats?

Point-of-Sale (POS) attacks

Point-of-sale (POS) cyber-attacks are a popular type of cyber-attack in the retail industry. POS attacks take place when malicious malware is installed on systems used to take payment so that credit card details are stolen when it is used. For example, this type of attack was used to attack the American retail store Target; from this attack, they recorded the theft in the region of 40 milcustomers'mers' debit and credit card records.

We recommend your staff periodically check your Point-of-Sale (POS) devices;

  • Look for anything loose, crooked, damaged, or scratched. Remove any card reader if you notice anything unusual. Ensure you train all your employees to be on the lookout for these signs.

  • Be alert in tourist areas or large shopping centres during busy shopping hours as there are popular targets.

  • Remember to keep your POS software up-to-date by installing updates that often contain critical security patches implemented due to newly discovered vulnerabilities.

Insider threat

Given their relatively high staff turnover and use of seasonal workers, retailers also face a threat from employees. Often those who launch insider threat attacks are disgruntled current or ex-employees looking to cause trouble for the employer, whether financially or reputationally. These types of attacks are often less technical. They can usually occur when access has not been revoked or when a device containing sensitive information has been stolen and published online.

In a survey by the Ponemon Institute, over half of the respondents admitted to taking information from a previous employer and 40% of those intended to use it in a new job. With many turnovers and seasonal workers, former or disgruntled employees can compromise data by copying information onto a USB and walking out the door.

Remember your Supply Chains

As retailers, you rely on a vast supply chain network to keep business and stock moving. Still, with the increased use of digital communications (email, WhatsApp and more) and cloud computing, your supply chain has become a standard attack surface.

Your supply chain will comprise a network of vendors supporting different aspects of your business. They are vulnerable because it’s common for vendors to have a small security budget or knowledge than you as a retailer. Even if you as a retailer are fully compliant and secure, one vulnerable access point from your supply chain could lead to a massive problem for which the retailer is ultimately responsible.

If your supply chain is based in Merseyside, they can sign up for our fully-funded program, including Security Awareness Training, Security Policy Templates & a 1-2-1 consultation! So get them signed up today!

One way to improve cybersecurity in the retail industry and avoid common POS problems is to have service level agreements (SLAs) between retailers and vendors. These agreements set terms for how each party will conduct themselves, who will respond to issues, troubleshoot, and clarify expectations and goals. SLAs can be very helpful in keeping both retailers and vendors accountable to prevent security issues and any tension that can arise.


The state of ransomware in the retail 2021 survey showed that a ransomware attack hit 44% of all retail businesses. Ransomware is significant attack retailers face, especially around critical times of the year like Black Friday and the lead-up to Christmas.

A ransomware attack sees cybercriminals halt operations until the business pays the ransom; this attack usually costs a company significant money and can impact customer confidence.

Social media and business email compromise

Through its very nature, social media allows us all to share large amounts of information about ourselves online. Unfortunately, whether it’s a picture of your pet with their name and birthday or your job title-employers’yers’ details, these are all golden nuggets for cybercriminals looking to gain unlawful access via employees who may have admin permissions to business systems.

The information posted on social media effectively forms clues for hackers, and these clues could be used to obtain passwords or impersonate business users. One method often seen is when online accounts allow users to reset passwords if they enter a security question; the user’s social media posts give the answers to this question. Once they have the answer to this question, they can reset the password and gain access while locking the account owner out.


Phishing is not to be confused with fishing and being stood on a riverbank with bait and a rod; it's the principle of hooking something valuable.

Phishing is when your employees are contacted by email, telephone or SMS by cybercriminals posing as legitimate persons or organisations. The fraudulent company or individual will lure employees into providing sensitive data such as personal information, banking and credit card details, and passwords.

Website application attacks

In this type of attack, hackers will exploit any vulnerabilities presented on the website that's been targeted. These vulnerabilities include outdated software in the architecture and those in the platform used to create the website (the CMS). For example, suppose updates are not installed, and outdated software is not potentially managed correctly. In that case, these elements present opportunities for attacks to enter a business's website and associated systems to cause a catastrophic data breach.

To combat Website application attacks, we recommend a Web App Vulnerability Assessment. This service assesses your website and web services for weaknesses. For example, in plain language, we evaluate your website's top 10 security risks and attempt to identify any vulnerabilities.

Our report can then describe what each weakness means to your business and the risks associated with each vulnerability. And give you a plan and guidance on how to fix those vulnerabilities. So contact us today to learn more.

How can the North West Cyber Resilience Centre help me to avoid becoming a victim of one of these cyber-attacks?

To help, the North West Cyber Resilience Centre has been established to provide retail and eCommerce businesses of all shapes and sizes with an affordable way to access cyber security services designed to help improve cyber resilience.

  • We have a free membership for all businesses in the North West; becoming a member will enable you to receive a welcome pack full of practical resources and tools designed to help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection.

  • Through your membership, you will also get regular updates on new threats designed to help you stay safer. So sign up today or contact us to receive a 1-2-1 consultation to see how we can support your business through training, guidance and affordable security services.

Free Membership banner for retail


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page