Retail in Focus

A Sector in the Crosshairs

The retail sector is operating under extreme pressure as the threat landscape rapidly intensifies. Across all industries analysed in Security Navigator 2026, Retail experienced the single largest year‐on‐year surge in cyber extortion (Cy‐X) victims: + 84% rising to 311 confirmed victims between October 2024 and September 2025 - the highest relative increase of any sector.

Retailers face a dual-front threat. While 40% of incidents originate externally, the majority of detections now stem from internal sources (57%), driven by endpoint misuse, misconfigurations, and identity‐related incidents. End‐user devices illustrate this perfectly: they now represent 52% of all impacted assets, more than any other category. This report distils the most relevant retail insights from Security Navigator 2026, exploring the intersection of external criminal pressure, internal weaknesses, and systemic supply‐chain dependencies that uniquely heighten risk for the retail sector.

Research-driven insights to build a safer digital society

• First-Hand Operational Data: Insights derived from Security Operations Centre (SOC) client data and first-hand research from a leading security services provider.
• Analysis of Major Breaches: Practical case studies of high-profile retail incidents, including attacks on Marks & Spencer and Harrods.
• Threat Actor Intelligence: Observations on prominent Cy-X groups like Cl0p, Qilin, and Ransomhub and their pivot toward targeting retail.
• Identity and Asset Risks: In-depth review of how end-user devices have become a critical vulnerability, representing 52% of all impacted assets.
• Expert Perspectives: Commentary from industry experts on the challenges of protecting a frontline workforce and the value of customer personal data to adversaries.
• Call for Collaboration: Research-backed argument for retailers to share threat intelligence and move toward a unified defense against collaborative cybercrime gangs.