IADS Exclusive: Fortifying the value chain: cybersecurity strategies for retail

The cyberspace is an increasingly interlinked web where risks are exacerbated by rising geopolitical tensions, speedy adoption of emerging technologies, and regulatory requirements. The growing elaborateness of value chains combined with the lack of oversight into the security levels of suppliers has been identified as the leading cybersecurity risk for organisations by the World Economic Forum’s Global Cybersecurity Outlook 2025. The report also concluded that the widening cyber skills gap is fuelling increased cyber inequity among industries and scales of organisations. 

The retail industry accounted for about 24% of all cybersecurity attacks in 2020ⁱ and faced more data breaches than any other industry.ⁱⁱ As of 2024, ransomware attacks on the retail industry have increased by 22%ⁱⁱⁱ. The rise of e-commerce has created new opportunities for cybercriminals to target retailers given the wealth of payment information as well as personally identifying characteristics that retailers possess. As the harnessing of data-driven technologies by retailers grows, cybercriminals have a larger target surface area to attack.  

Several brands and department stores have been targeted in recent years. In March 2025, IADS member El Corte Inglés faced a data breach involving sensitive information, including identification and contact details, as well as credit card numbers used for purchases. More recently, in April 2025, Marks & Spencer was cyberattacked by teenage hacker gang Scattered Spider that led to a GBP 700 million loss in valuation and an estimated impact of GBP 300 million on its profit followed by Harrods and the Co-op. In mid-July, Louis Vuitton reported a data breach of over 400,000 customers’ personal information that triggered an investigation by Hong Kong’s privacy watchdog. According to Grant Thorton, less than half retail businesses have a cyber-strategy in place which is below the global average (52%) for all businesses.^iv Given that large retailers collect immense amounts of data from their customers, cyberattacks pose operational and reputational risks. 

ⁱ  :  2020 Trustwave Global Security Report

ⁱⁱ :  6 ways hackers are targeting retail businesses

ⁱⁱⁱ :  Europe Retail Threat Landscape 2024

^vi :  Cyber security concerns in the retail sector

IADS provides its members with a weekly in-depth analysis on retail-oriented topics. 

*IADS Exclusives are for members only. You can subscribe to our Substack to recieve our weekly exclusives here.*