Security incidents and data breaches targeting the retail industry have increased by more than 100 per cent over the past three years, according to a new report from Kaspersky that maps the threat landscape facing retailers in 2026 and outlines the cybersecurity measures businesses must implement to remain resilient.

Retail is consistently among the most attacked industries globally, with sensitive customer data — including payment information and loyalty card details — routinely targeted for fraud, dark web sale, or identity theft. Localized breaches, the report warns, rapidly escalate into systemic disruptions: a recent attack on Marks & Spencer paralysed operations for weeks and resulted in an estimated 300 million pound loss.

Five Priority Threat Vectors

Kaspersky identifies five key areas where retail organisations are most exposed. Data protection risks have grown sharply as AI-driven personalisation requires vast collections of sensitive consumer data, creating expanded attack surfaces including AI data poisoning, prompt injections, and API leaks across supply chain platforms. Regulatory costs for a data breach at a large retailer — including fines, SLA penalties, and legal fees — are estimated at US$91 million.

Social engineering remains a persistent vulnerability, with 64 to 86 per cent of breaches involving non-malicious human actions. Attackers are increasingly deploying AI-generated deepfakes and voice cloning, and exploiting collaboration tools like Microsoft Teams to reach employees directly. Payment systems face threats from Man-in-the-Browser and Man-in-the-Middle attacks, POS system compromises, and DDoS attacks estimated to cost US$20,000 per hour in downtime losses.

Supply chain exposure is also underestimated: 30 per cent of retail sector attacks involve partners and suppliers, yet only 9 per cent of executives rank supply chain attacks as their top cybersecurity concern. Advanced Persistent Threat (APT) toolsets, once reserved for nation-state actors, are now accessible to ordinary cybercriminals due to AI proliferation and public leaks.

“Cybersecurity should never become a barrier for business growth, but serve as a smart, well-informed and well-equipped digital guard — the one that knows exactly what to protect and how to mitigate any risky situation.” — Yury Novikov, Head of Channel, Kaspersky

Building a Resilience Framework

Kaspersky recommends that retail organisations define critical assets and industry-specific threats, implement Identity Management and Zero Trust controls, conduct mandatory supplier security evaluations, and deploy Extended Detection and Response (XDR) platforms for unified visibility. Managed Detection and Response (MDR) services are highlighted as a practical path to enterprise-grade cyber resilience for resource-constrained organisations.