
10 Retail Cybersecurity Statistics in 2023: The Rising Threat


The biggest brands, such as Coca-Cola or Nike, can launch a new product and virtually guarantee it is successful.

The reason is simple: brand recognition.

These brands are so well known and respected that consumers assume the new product (and existing ones) are worth buying.

It’s great for profits, but not so good in other aspects.

Specifically, the better known the brand, the more likely it is to be targeted by cybercriminals.

The retail cybersecurity statistics for 2023 below illustrate how big a problem this is. In short, the more successful the business, the bigger the customer list.

That’s a lot of personal data, which is very attractive to cybercriminals.

Keeping customer data safe is essential, not just because of what cybercriminals can do with it.

The truth is, a data breach on a big brand business quickly becomes front-page news. 

That type of news will damage the public image of a company and consumers will lose confidence in it.

As most industries are highly competitive, a loss of consumer confidence can have a huge effect on the bottom line.

The following statistics demonstrate why all businesses, especially big brands, should be aware of cybersecurity.

Key Statistics

  • 98% of retail data breaches are financially motivated
  • The average data breach costs a company $3.28 million
  • 24% of cyberattacks are directed at the retail industry
  • 66% of retail companies are targeted by ransomware
  • 3 million more workers are needed to combat cyber threats
  • Phishing attacks on retail businesses increased by 29% in one year
  • E-commerce fraud attempts increase by 19% during the holiday season
  • 43.4% of businesses have PCI DSS compliance
  • 50% of retail businesses haven’t secured internet devices
  • 34% of retailers say security concerns are stopping their e-commerce development

Top Retail Cybersecurity Statistics in 2023

1. 98% Of Retail Data Breaches Are Financially Motivated


The 2022 Verizon report showed that almost all cybersecurity incidents in the retail sector are motivated by financial gain. 

An impressive 98% of attacks aim to steal personal financial information, specifically payment details.

Unfortunately, the report suggests that in 25% of cases the cybercriminals were successful. 

Interestingly, in 45% of attacks, the cybercriminals also tried to extract personal data, potentially allowing ID theft in the future. 


2. The Average Data Breach Costs A Company $3.28 Million

Data breaches mean criminals steal financial information, allowing them to steal money from either consumers or directly from the company.

They can also steal identities to access more funds. 

In many cases, the hackers may even add ransomware, effectively forcing the company to pay to get the systems back online.

But the bigger cost is the damage a breach does to the company’s reputation, which loses it sales in the future.

A data breach costs, on average, $3.28 million in total. That’s enough to close some businesses.

(IBM Report)

3. 24% Of Cyberattacks Are Directed At The Retail Industry

The Trustwave review of the industry in 2020 discovered that retail businesses were targeted in 24% of all cyberattacks.

That’s significantly more than any other industry sector. 

It’s likely that this is due to the amount of personal and financial data held by retail companies.

However, it should also be noted that the retail sector has a high number of seasonal workers. 

In many cases, seasonal workers are less concerned with cybersecurity or the business’s reputation, making it more difficult for the business to keep its data safe.


4. 66% Of Retail Companies Are Targeted By Ransomware

Sophos is a cybersecurity firm. Their annual report showed that 66% of retail businesses had experienced a ransomware attack in 2022.

That’s roughly 75% more ransomware attacks than the 2020 survey showed. A significant increase!

Naturally, ransomware is a serious issue as companies either have to pay to access their data or lose all their data.

Whether a business pays or not will depend on when the data was last saved. 

Either way, it costs businesses a substantial amount. Worse, in most cases the ransomed data is not returned in full. 

(Sophos Report 2022)

5. 3 Million More Workers Are Needed To Combat Cyber Threats

The latest reports suggest that 4.1 million people are employed in the cybersecurity sector. That seems like an impressive number. 

However, the number and complexity of attacks is constantly increasing.

This is because the rewards are increasingly lucrative as more people use online services. 

For the cybersecurity industry to keep cybercriminals at bay, it’s estimated that another three million workers are needed to keep industries safe. 

It’s worth noting that technology by itself isn’t enough to protect any business.

The human element is essential, especially when fighting human cybercriminals. 

(ISC 2021 Cybersecurity Workforce Study)

6. Phishing Attacks On Retail Businesses Increased By 29% In One Year

The latest Verizon report on the industry shows a dramatic 29% increase in social attacks on businesses.

In most cases this is phishing, although pretexting is increasing in popularity.

Phishing is when an email is sent to multiple recipients.

It appears to originate from a genuine financial or similar institution.

The email will tell you there is an issue with your account and to log in to resolve it. 

Of course, a link is supplied.

When the link is clicked, it will either install malware on your system or take you to a login page which looks exactly like the genuine one.

You’ll then be asked to enter your login details.

The cybercriminals will be able to see the details and use them to log into your account, quickly removing money and even applying for credit. 

Any business can lose a significant amount of funds this way. 


7. E-Commerce Fraud Attempts Increase By 19% During Holiday Season


The holiday season is generally the busiest time for retailers. In fact, reports suggest that retail sales increase by 14% during the holiday season. 

Unfortunately, increased sales means more money and more customer data.

In other words, the business becomes an even bigger target for cybercriminals. 

The Transunion report on the retail industry showed that e-commerce fraud attempts increase by 19% during the holiday season. 

Not all attempts are successful, but the holiday season generally means additional staff, which makes it much harder to ensure cybersecurity protocols are always followed.

To avoid becoming a victim of seasonal cyber fraud, all businesses need to maintain cybersecurity compliance and keep employees fully trained. 


8. 43.4% Of Businesses Have PCI DSS Compliance

A positive sign in the industry is the uptake of PCI DSS (Payment Card Industry Data Security Standard) compliance.

This is a cybersecurity standard that all major credit and debit card processing businesses use. 

Its aim is to keep financial data safe. Businesses which adhere to this practice are less likely to lose financial data. 

Current reports show 43.4% of businesses are now PCI DSS compliant.

That’s a significant improvement but there are still plenty of businesses which need to comply. 


9. 50% Of Retail Businesses Haven’t Secured Internet Devices

It’s estimated that as many as 84% of retail businesses are using digitally connected devices to help communicate with customers and offer their services. 

Remote devices and other pieces of technology are essential to the survival of any business as it keeps them relevant and appealing.

However, these devices all need security or they are open to being hacked and data stolen. 

Unfortunately, although businesses have quickly increased their reliance on internet devices post-COVID, 50% of them haven’t got proper security on those devices.

That means a cybercriminal will find it very easy to access data and use it for their own gain.


10. 34% Of Retailers Say Security Concerns Are Stopping Their E-Commerce Development

The cost of cybersecurity can be prohibitive, especially to smaller retail businesses. This often prevents the companies from expanding.

However, according to the BDO report, cybersecurity concerns are a much bigger issue for retailers.

The report estimates 34% of retailers have plans to build or extend e-commerce but are currently unable to commit.

The reason commitment is impossible is retailers’ concerns over cybersecurity and the damage a security incident could do to a business.

A third of companies feel unable to proceed with expansion plans or digitalization until they have created a viable cybersecurity plan and implemented it. 


The Reasons Behind Cybersecurity Threats

As previously mentioned, retail businesses need to record personal and financial data to process digital transactions.

This information is essential to the purchasing process and retailers use it to help boost sales. 

Unfortunately, cybercriminals also like this data as it allows them to steal funds or simply sell the data to others. 

The traditional approach for a cybercriminal is to hack a system and take the data. There are several ways in which they can do this.

The most obvious are phishing or brute force attacks, seeking to extract a password and access the system normally.

However, data can also be vulnerable when it isn’t encrypted, when Near Field Communication (NFC) systems are being used, and through software vulnerabilities.

All businesses need to be aware of these issues to protect themselves from data theft.

How To Reduce The Risk To Your Business


As a retailer one of your biggest concerns should be cybersecurity and how to reduce your risk of a data breach.

There are several things you should be doing:


Staff Training

Retail businesses often have a high turnover of staff. That’s why cybersecurity training is often overlooked: staff aren’t with the company long enough.

As a business owner, it’s essential that every employee, regardless of status, gets cybersecurity training and regular updates.

This should highlight the risks associated with cybersecurity and what individuals can do to keep data safe. 

Password Managers

Hackers will always look for the weakest link. In many cases this is a weak password.

All employees should be encouraged not to share passwords and to use a password manager/generator.

In fact, the business can create an account with NordPass which all employees can use. 

This doesn’t just encrypt passwords and keep them safely locked away. It can also generate strong passwords.

Strong passwords are at least 12 characters long and use upper and lower case letters, numbers, and even special characters.

A strong password is much more difficult for a hacker to get past. 

Back Up

As ransomware is a serious concern for businesses in the retail sector, it’s a good idea to back up your data, off-server, every evening.

This will give you a clean copy you can restore whenever you need it.

The most you’ll lose is a day’s data and that’s probably better than the cost of paying a ransomware demand.

It’s simple and effective: with a clean backup, attackers who encrypt your data lose their leverage over it.

Keep Up To Date

All software programs can be targeted by hackers.

The software developers track hacks and technological advancements, then make adjustments to their software to ensure it is protected against cybercriminals. 

All you have to do is keep an eye open for updates and make sure your software is updated as soon as any are released. 

This reduces the likelihood of your systems falling to a cyberattack. 

Summing Up

The retail cybersecurity statistics for 2023 paint a bleak picture.

In short, the retail industry is under attack and there is little likelihood of these attacks stopping soon. 

In fact, reports and statistics suggest that these cyberattacks will become worse, placing additional pressure on businesses to find solutions and maintain the highest possible cybersecurity defenses. 

It is possible, but every business needs to have staff dedicated to doing so. Remember, a loss of data can seriously damage the credibility of the business.

That makes the investment in cybersecurity worthwhile. 



Written by Kelly Indah
I’m the editor at Increditools and a dedicated cybersecurity expert with a robust technical background. With over a decade’s experience in the tech industry, I have worn many hats, from software developer to security analyst.