2026 Unit 42 Global Incident Response Report
What: Retailers globally faced a sharp rise in sophisticated cyber attacks in 2025, with significant operational and financial consequences.
Why it is important: These incidents demonstrate how cybersecurity has become a core business risk, directly impacting profitability and customer trust.
In 2025, the retail sector experienced a marked increase in sophisticated cyber attacks, resulting in substantial operational disruptions and financial losses. Ransomware and third-party breaches emerged as dominant threats, with average losses per ransomware incident reaching $1.4 million and operational downtimes averaging 72 hours. High-profile attacks on major retailers such as M&S, Co-op, and Harrods exposed critical vulnerabilities, with M&S alone suffering a £300 million profit impact and a £700 million market value loss. These events have driven up cyber insurance premiums and underscored the inadequacy of existing digital security frameworks, as only a small fraction of retailers possess mature core security. The frequency and severity of these incidents have transformed cybersecurity from a technical concern into a central business risk, compelling retailers to prioritize resilience, proactive monitoring, and robust incident response strategies to safeguard both operations and customer trust in an increasingly hostile digital environment.
IADS Notes: The 2026 Unit 42 Global Incident Response Report’s findings on the scale and sophistication of cyber incidents in retail are strongly echoed by recent industry analyses. RH-ISAC’s April 2025 report revealed that ransomware now accounts for 30% of all retail cyber incidents, with third-party breaches responsible for 41% and average losses per ransomware attack reaching $1.4 million, while operational downtimes average 72 hours. Retail Week’s August 2025 coverage of attacks on major UK retailers such as M&S, Co-op, and Harrods highlighted the sector’s acute vulnerabilities, with M&S alone suffering a £300 million profit impact and a £700 million market value loss, driving a 10% rise in cyber insurance premiums. The Retail Bulletin in August 2025 noted that only 18% of retailers possess mature digital core security, and high-profile breaches have resulted in significant financial and operational disruption. Inside Retail in May 2025 emphasised that coordinated attacks have transformed cybersecurity from an IT concern to a core business risk, directly affecting market value and customer trust. By July 2025, Retail Week reported that 80% of top UK retailers faced at least one critical cyber threat, underscoring the urgent need for improved visibility, proactive monitoring, and industry-wide resilience.


