The retail industry is vulnerable to cyberattacks, with cybercriminals stealing millions of dollars annually. And as these attacks get more sophisticated, they become more challenging to detect and stop.
Our research shows statistics, patterns, and trends of retail cybersecurity over the past few years that continue to impact the industry.
7 Key Retail Cybersecurity Statistics (Editor’s Pick)
- There were 241 data breaches in the retail sector in 2021.
- 32% of retail businesses experienced a security breach in 2021.
- Social engineering attacks in the retail industry grew by 29% in 2021.
- 28% of retailers had formal zero-trust strategies in place in 2022.
- E-commerce lost up to $41 billion to online payment fraud globally in 2022.
- In December 2021, a ransomware attack affected 330 UK SPAR stores.
- The financial impact of ransomware on the retail sector in 2021 was $1.27 million.
Infographic
General Retail Cybersecurity Statistics
1. There were 241 data breaches in the retail sector in 2021.
87% of these breaches were through external factors, and 98% were financially motivated. Likewise, these attacks occurred from 629 confirmed incidents in the retail industry.
2. 55% of retailers surveyed claimed increased cyber attacks in 2021-2022.
There was also an increase in the complexity and impact of these attacks.
3. Retail organizations typically had smaller security operations centers than other industries in 2022.
8% of retail firms had more than 50 full-time cybersecurity employees, and 33% believed their cybersecurity team was understaffed.
Furthermore, only 9% of surveyed retail organizations had the required four basic security policies, a fall compared to 14% in 2018.
4. 32% of retail businesses experienced a security breach in 2021.
Of these, 20% experienced ransomware attacks, whereas 27% of the attacked brands were willing to pay a ransom if necessary.
Another 48% of the surveyed retail brands had a detailed plan in place in the event of a ransomware attack.
Retail Cybersecurity Statistics by Incident Type
5. 77% of retail organizations suffered ransomware attacks in 2021.
In a survey of 422 retail respondents across 31 countries, the ransomware attack volume represented a 75% increase over the 44% similar attacks in 2020.
Coupled with that, the retail industry had the second-highest ransomware attacks across all sectors.
6. In 2021, 68% of retail organizations had their data encrypted during ransomware attacks.
However, the overall industry average for such occurrences was 65%.
Compared to a cross-sector average of 31%, only 28% of those surveyed in the retail sector could stop the data encryption attack.
7. Retailers were likely to pay ransomware attackers in 2022.
Compared to the 37% in other industries, 51% of attacked retail organizations paid off their ransomware attackers.
8. In 2021, 99% of ransomware-hit retail organizations suffering from data encryption recovered some of their data.
73% of retail organizations restored data from backups, a 17% increase from 2020.
49% paid a ransom to regain their data, 32% used other means to restore it, and 46% used more than one method to recover their data.
9. Malware was one of the primary sources of cybersecurity attacks in the retail sector in 2022.
It was named the most common type of cyberattack by 65% of retailers.
Ransomware came next, with 52% citing it as the leading source of cyberattacks in the industry.
10. The retail and wholesale industry had the most phishing attacks of all sectors in 2021.
There was an over 400% increase in phishing attempts in the sector in 2021.
11. Social engineering attacks in the retail industry grew by 29% in 2021.
These attacks included phishing, pretexting, and other social engineering attacks.
Additional Reading:
Retail Cybersecurity Statistics by Impact
12. The financial impact of ransomware on the retail sector in 2021 was $1.27 million.
This was down from $1.97 million in 2020 but still slightly higher than the overall sector average of $1.4 million.
13. The retail industry had the second-highest cyber insurance rate against ransomware in 2021.
88% of retail businesses had cyber insurance against ransomware attacks, higher than the average of all sectors (83%).
14. Ransomware had a significant impact on retail businesses in 2021.
The attack impacted the daily operation of 92% of attacked retail businesses, while it affected the business revenue of 89%. This was higher than the global average of 90% and 86%, respectively.
15. 28% of retailers had formal zero-trust strategies in place in 2022.
While 53% without zero-trust strategies planned to implement one to secure their database.
Major Retail Cybersecurity Attacks Statistics
16. In February 2021, fashion retailer “Guess” experienced a ransomware attack.
The attack included theft of its customer data, but the cost and number of individuals affected were not disclosed.
17. Bonobos lost a 70-gigabyte SQL backup file through its third-party cloud provider’s hack in January 2021.
The file contained over 7 million shipping addresses, 1.8 million registered customer accounts, and 3.5 million partial credit card records.
18. In May 2020, Neiman Marcus Group’s database was hacked.
This gave the hacker access to various customer information and impacted 4.6 million people who were only informed in September 2021.
Retail Cybersecurity Statistics by Frequency
19. Cybercrimes became an increased risk and threat priority for 58.6% of retailers between 2016 and 2021.
43.1% said it was “somewhat more” of a priority, while 15.5% claimed it became “much more” of a priority for them.
20. E-commerce lost up to $41 billion to online payment fraud globally in 2022.
This is predicted to increase to $48 billion in 2023.
21. Only 33% of retailers prioritized multifactor authentication as a cyberattack preventative measure in 2022.
This was despite 55% experiencing a data breach at least once.
Retail Cybersecurity Statistics by Demography
22. In December 2021, a ransomware attack affected 330 UK SPAR stores.
This incident caused the retailer to go offline for several days, affecting their business operations.
23. A ransomware attack impacted 500 Coop stores across Sweden in 2021.
The primary incident was against the network of IT supplier, Visma Esscom, resulting in Coop’s payment systems being taken offline.
Be on Guard
Cyber attacks on the retail industry are increasing by the hour, costing retailers and their customers millions annually. Whether you own a small or large retail business, you remain a target for cybercriminals looking to make money through these attacks.
Thus, you must protect your company and its customers by implementing solid cybersecurity programs to avoid falling victim to these attacks.
A look at our phishing statistics will provide you with more information about one of the significant retail cyber threats to be aware of.
- https://www.isc2.org/-/media/ISC2/Research/2021/ISC2-Cybersecurity-Workforce-Study-2021.ashx
- https://www.helpnetsecurity.com/2022/04/25/global-phishing-trends/
- https://securityboulevard.com/2022/12/the-state-of-cybersecurity-in-retail/
- https://www.statista.com/statistics/1273177/ecommerce-payment-fraud-losses-globally/
- https://assets.sophos.com/X24WTUEQ/at/ms85vsqz3sx9tnmnkh3bp5r/sophos-state-of-ransomware-retail-2022-wp.pdf
- http://rhisac.org/wp-content/uploads/RH-ISAC-Analysis-of-Verizon-DBIR-2022-2.pdf
- https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2022.pdf
- https://cdn.nrf.com/sites/default/files/2022-09/National%20Retail%20Security%20Survey%20Organized%20Retail%20Crime%202022.pdf
- https://cdn.nrf.com/sites/default/files/2021-08/2021%20National%20Retail%20Security%20Survey%20updated.pdf
- https://interfacesystems.com/wp-content/uploads/2023/02/Cybersecurity-infographic.pdf
- https://cpl.thalesgroup.com/blog/data-protection/cybersecurity-breaches-in-retail-industry
- https://cpl.thalesgroup.com/sites/default/files/2022-11/2022-data-threat-report-retail-in.pdf
- https://www.threatintelligence.com/blog/retail-cybersecurity
- https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
- https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf