Cybersecurity


RH-ISAC

RH-ISAC
Jan 2023

Formed in 2014 as the home of the Retail and Hospitality Information Security and Analysis Center (ISAC), it operates as a central hub for sharing sector-specific cyber security information and intelligence. The association connects information security teams at the strategic, operational and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for the retail and hospitality industries through collaboration.


RH-ISAC currently serves retail, hospitality, gaming and travel companies, as well as other consumer-facing entities.


RH-ISAC is an official partner of the IADS, so members have access to conferences, events and other resources, including their blog and podcast episodes.


Check them out below!


Read the blog


Listen to the podcast


Visit the RH-ISAC website




RH-ISAC report: 2022 holiday season cyber threat trends

RH-ISAC
Dec 2022

What: RH-ISAC reviews cybersecurity threats from the 2022 holiday season.


Why it is important: For the retail, hospitality, and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats. From the beginning of October through the end of December, cyber threats to organizations expand in both scale and intensity to match the rise in consumer traffic.


To examine the threat landscape facing members during the holiday season, RH-ISAC developed this report, the 2022 RH-ISAC Holiday Season Threat Trends Summary. The report is in three parts:


  1. Member Perspectives: In which key subject matter experts from leading member organizations provide their insights into their current defensive preparations.
  2. Threat Landscape: Where the RH-ISAC team examines the threat trends reported by the member community for the 2020 and 2021 holiday seasons from a historical and analytical perspective.
  3. Associate Member Analysis: In which threat analysts from RH-ISAC associate member Flashpoint provide their perspective on the current holiday season threat landscape based on their research and data.


2022 holiday season cyber threat trends




RH-ISAC report: 2022 industry insights

RH-ISAC
Dec 2022

What: For the retail, hospitality, and travel sectors, RH-ISAC reviewed the Verizon report and identified the key trends and findings most relevant to its community, focusing on the listed industries that most closely align with the community's retail and hospitality sectors.


Why it is important: This report compares some of the key takeaways from the Verizon Report with RH-ISAC's own member data, providing additional context to help members benchmark their threat landscape against a wider community.


Across all industries surveyed, Verizon reported core metrics and trends:

» The most common attack methods were: stolen credentials, ransomware, and phishing

» The most commonly targeted data were: payment data, personally identifiable information (PII), credentials, intellectual property, and non-sensitive data

» 73% of breaches were executed by external actors, and 18% of breaches were executed by internal actors

» 39% of attacks originated with third-party vendors

» 82% of incidents resulted from human error, and these errors were split between clicking on phishing links and failing to follow standards which resulted in business email compromise.

» Most indicators of compromise (IOCs) had relatively good value for blocking

» Hashes had relatively low value, but IP addresses, domains, network artifacts, tools, and TTPs all were valuable for blocking


2022 industry insights report




RH-ISAC: Cybercriminals exploit remote monitoring tools to infiltrate shipping and logistics networks

RH-ISAC

What: Cybercriminals are exploiting legitimate remote monitoring tools to infiltrate logistics networks, enabling large-scale cargo theft and disrupting retail supply chains.

Why it is important: The use of trusted IT tools for cyber-enabled theft exposes critical vulnerabilities in retail supply chains, demanding urgent investment in security and risk management.

A financially motivated threat group has been targeting the freight and logistics industry since June 2025, orchestrating a sophisticated campaign that merges cyber intrusion with physical cargo theft. By distributing legitimate remote monitoring and management (RMM) software such as ScreenConnect and SimpleHelp through spear-phishing and compromised load board accounts, attackers gain undetected access to logistics networks. Once inside, they manipulate core systems, delete legitimate freight bookings, and coordinate the fraudulent transport of high-value goods, mainly food and beverage products. This approach allows them to bypass traditional security measures, as RMM tools are often whitelisted within organizations. The campaign’s indiscriminate nature affects both small carriers and large supply chain providers, highlighting the vulnerability of the entire retail ecosystem. The blending of cyber and physical tactics demonstrates a deep understanding of logistics workflows and underscores the urgent need for retailers and their partners to reassess security protocols, invest in robust risk management, and foster cross-sector collaboration to protect inventory and maintain operational continuity.

IADS Notes: RH-ISAC’s April 2025 report details critical cyber threats to retail and hospitality, with third-party breaches accounting for 41% of incidents and average ransomware losses of $1.4 million. Retail Week and Inside Retail, in August and May 2025 respectively, highlight major attacks on supply chain providers and the resulting operational and financial impacts. The December 2024 ransomware attack on Blue Yonder further illustrates the widespread disruption cyber-enabled threats can cause across global retail logistics networks.

RH-ISAC: Cybercriminals exploit remote monitoring tools to infiltrate shipping and logistics networks



RH-ISAC 2025 Holiday season cyber threat trends report

RH-ISAC

What: Holiday 2025 is marked by record retail sales, shifting consumer behaviours, and escalating cybersecurity threats impacting the retail, hospitality, and travel sectors.

Why it is important: Rising cyber threats and changing consumer behaviours during peak season reinforce the need for cross-sector collaboration and investment in digital infrastructure.

The 2025 holiday season presents a complex landscape for the retail industry, characterised by record-breaking sales figures and significant shifts in consumer behaviour. While overall spending remains strong, with forecasts reaching up to $1.62 trillion, there is a notable divergence among age groups, as younger consumers, particularly Gen Z, are reducing their holiday budgets. This evolving consumer landscape is further complicated by the increasing integration of digital channels, with ecommerce and mobile commerce playing a pivotal role in driving sales. However, this digital transformation has also heightened the sector’s vulnerability to cyber threats, as evidenced by a surge in high-profile breaches and ransomware attacks targeting major retailers. The convergence of retail, hospitality, and travel sectors amplifies both the opportunities and risks, necessitating greater collaboration to address shared challenges. As retailers adapt to these dynamics, the focus on operational resilience, robust cybersecurity measures, and innovative customer engagement strategies becomes essential to sustaining growth and maintaining consumer trust during the most critical sales period of the year.

IADS Notes: Deloitte’s September 2025 forecast projects holiday retail sales to reach $1.62 trillion, while PwC’s September 2025 report highlights a generational divide with Gen Z reducing holiday spending. The Retail Bulletin and Retail Week, both in August 2025, detail a surge in cyberattacks and the urgent need for stronger digital infrastructure across the sector. Visa’s February 2025 analysis underscores the increasing convergence of retail, hospitality, and travel, emphasising the necessity of cross-sector collaboration and resilience to address evolving risks and consumer expectations.

RH-ISAC 2025 Holiday season cyber threat trends report

