Cyberattacks have become a near-daily threat to British businesses. According to a 2024 report from the Royal Institution of Chartered Surveyors (RICS), over 25% of UK businesses were victims of a cyberattack last year. It’s part of a broader trend: organised cybercriminals, including some with state affiliations, systematically targeting the retail sector.
This spring’s wave of attacks has highlighted the scale of the threat, and some ransomware groups clearly sense weakness in the sector. Every payout has made them stronger, bolder, and harder to stop. State-backed attackers are working for a double reward: a hit to the affected country’s GDP, as well as an under-the-table payout from a company with its back against the wall.
Retail businesses are uniquely attractive – and vulnerable – targets for attackers. Their mountains of sensitive customer data, including personal details and payment information, make them prime targets. Meanwhile, they operate on cash flow, so any disruption to trade will have significant consequences for their long-term operations.
To protect cardholders’ information, as of March 31st, all UK retailers who accept card payments must comply with the PCI Data Security Standard (DSS). The problem is that only 14.3% of businesses had achieved full compliance as of 2023. It’s a tough bar for retailers to clear, but it exists for a reason. Anybody who shops with a card, provides a delivery address, or shares their email for an e-receipt should care about whether retailers take these measures seriously.
To learn Warren’s full thoughts, read the full article in IT Pro.
If you’re exploring your cyber capabilities and looking to understand your risk factors, read more about our cybersecurity services or get in touch to speak with an expert.