Cybersecurity in retail: What does the future hold?

With the retail industry evolving at a rapid rate, technological innovation has played a critical role in offering a competitive advantage to retailers.

However, while technology brings immense benefits, it also introduces vulnerabilities that need to be addressed. Technologies such as Gen AI are helping to transform the industry by combating common customer pain points and increasing operational efficiency. Yet, as we embrace these advancements, it is equally important to prioritise robust cybersecurity measures to safeguard against potential cyber risks. 

In 2024 we have seen a plethora of cyberattacks hit industries across the board – with security teams wondering how to maintain a secure environment for their customers going forward. Recent statistics from the British Retail Consortium’s 2024 Crime Survey Report have shown that 57% of retailers reported an increase in cyberattacks and breaches, and at least 90% have reported that cyberattacks have either stayed the same or increased yearly since 2015. This is a clear reminder of the persistent and escalating digital risks faced by the industry that need to be addressed in 2025.

Here’s how I see such threats evolving in the next 12 months:

Balancing innovation and risk with Gen AI 

As AI becomes deeply integrated into retail operations, the risks surrounding misuse are dramatically escalating. For instance, an AI-driven customer service chatbot can be manipulated by malicious actors, potentially leading to unauthorised access to sensitive customer data.

In the coming year, cybersecurity experts predict attackers will increasingly target Generative AI models used by retailers, creating significant potential for operational disruptions and data breaches. These AI systems, now critical to retail operations, are vulnerable to sophisticated attacks that could compromise customer service efficiency and expose critical business vulnerabilities.

The core risk lies in the sophisticated ways attackers can exploit AI’s complex decision-making processes, turning what was once a technological advantage into a potential security liability. Retailers must recognise that their AI systems are not just technological tools, but potential entry points for cybercriminal activities.

Rising supply chain attacks during peak shopping periods 

The complexity and distribution of digital ecosystems make them prime targets during high-demand periods. For example, as we have seen in the past, cyberattacks that hit supply chains can cause major delays and financial loss. These incidents underscore the vulnerabilities in supply chains during peak times of the year.

In 2025, expect a rise in supply chain attacks during the holiday season, targeting ecommerce platforms and logistics providers, which could disrupt product availability and shipping.

A heightened focus on third party management

The newly instated NIS2 Directive in Europe emphasises the importance of third-party risk, pushing companies to enhance oversight. Any data breach involving a third-party vendor must be disclosed – in turn affecting customer trust and even stock prices in some instances.

In 2025, retailers will face heightened scrutiny over third-party risk management, with greater demand for transparency and accountability in managing these relationships during high-risk periods.

Rises in identity attacks on consumer profiles

During the 2025 holiday shopping season, cybersecurity experts anticipate a significant surge in identity-based attacks targeting online retailers, with credential stuffing, phishing, and social engineering emerging as primary threats. These attacks leverage stolen login credentials, automated tools, and sophisticated psychological manipulation to compromise consumer accounts, even bypassing multi-factor authentication.

Attackers will exploit the high-traffic volume of seasonal shopping, using tactics like fake sale notifications, spoofed customer support communications, and social media impersonation to hijack accounts, conduct financial fraud, and steal personal information. The complexity of these attacks stems from combining technological tools with emotional exploitation, making consumers particularly vulnerable during peak shopping periods – when they are distracted, excited, and more likely to lower their digital guard.

Globalisation leading to disruption

The interconnectedness of global trade today also means that disruptions in one region can have cascading effects. As we saw in early 2024, a geopolitical conflict in Eastern Europe disrupted supply chains for several luxury brands, leading to product shortages globally.

In 2025, retailers will need to enhance their situational awareness of geopolitical risks, particularly those affecting supply chains and consumer confidence during the holiday season.

Securing B2B transactions: Protecting the purchasing process

B2B transactions are increasingly becoming targets for sophisticated cyberattacks. In 2024, a leading global manufacturer reported a breach in its B2B platform that exposed sensitive transaction data, forcing the company to overhaul its security protocols and suspend operations temporarily.

In 2025, large manufacturers and distributors must focus on securing B2B transactions and purchasing journeys through investments in end-to-end encryption and secure APIs.

What does the future hold for cybersecurity in the retail industry?

In the coming year, retailers must stay alert to emerging cyber threats, ensuring the protection of customer data while eliminating any scams or fraudulent activities. With scams becoming more and more sophisticated, retailers will need to remain extra vigilant to best protect customers and comply with regulation.

In the next year, the retail cybersecurity landscape requires exceptional vigilance, forward-thinking strategy, and proactive risk management. As technological advancements, evolving cyber threats, and more sophisticated attack methods intersect, retailers must recognise cybersecurity as not just a technical issue, but as an essential business priority. The organisations that succeed will be those able to seamlessly embed strong security measures, ensure regulatory compliance, and uphold customer trust within an increasingly complex digital landscape.


About the Author

Dan Holden is CISO at BigCommerce. BigCommerce (Nasdaq: BIGC) is a leading open SaaS and composable ecommerce platform that empowers brands and retailers of all sizes to build, innovate and grow their businesses online. BigCommerce provides its customers sophisticated enterprise-grade functionality, customization and performance with simplicity and ease-of-use. Tens of thousands of B2C and B2B companies across 150 countries and numerous industries rely on BigCommerce, including Burrow, Coldwater Creek, Francesca’s, Harvey Nichols, King Arthur Baking Co., MKM Building Supplies, Ted Baker, United Aqua Group and Uplift Desk.
