Cyber threats aren’t just a big business problem. Recent high-profile attacks on Marks & Spencer, Co-op, and Harrods might make it seem like only major companies are at risk, but that’s far from the truth. While big names make the headlines, cybercriminals often breach smaller businesses. In fact, the impact on smaller organisations can sometimes be worse, as they have limited resources and may not even have a disaster recovery plan to enact.
Retailers face significant exposure to cyber risks due to the nature of their operations, including high volumes of online transactions and the handling of sensitive customer data. This combination can make them vulnerable to a range of cyber threats, including ransomware attacks that exploit the industry’s reliance on high-value, always-on systems. The retail sector consistently ranks among the top ten industries most affected by cyber incidents, with 48% of UK retail businesses reporting at least one cyber-attack in the past year. These statistics come from the most recent Cyber Security Breaches Survey 2025, in which 43% of businesses questioned had suffered a cyber-attack in the last 12 months.
Retailers should take steps to protect themselves and their customers, and the following list provides good practice to help ensure resilience online:
- Risk assess. All retailers should classify the risk to customer data to help ensure any sensitive information, such as bank details, is protected.
- Spotting scams. The best defence against online crime is an educated workforce. Staff should be kept up to date with how to spot and report scams, as human error remains the weakest security link across all businesses.
- Zero trust. By following the principle of ‘Never Trust, Always Verify’, employees can only access data that they are authorised to access.
- Recovery plans. When a cyber-attack does occur, it can be difficult to know what to do. The NCSC Small Business Guide: Response & Recovery can help with implementation of a recovery plan. The NEBRC can also help with this. For further information contact us at: [email protected].
Sign up for our free core membership to stay up to date with the latest cyber security updates and gain access to a wealth of handy resources.
The NEBRC is an independent, police-led not-for-profit organisation that seeks to educate, inform, and support businesses in the North East, Yorkshire and The Humber regions on how to protect themselves from online crime and fraud through good cyber security practices.