Over the years, the retail sector has changed significantly as it adapts to new technologies, and retail services continue to evolve toward robust cybersecurity practices for safeguarding sensitive information, managing risks and maintaining customer trust. However, with the rapid growth of Gen AI use across retailer activities, including Personalisation, Inventory Optimization, Visual Merchandising, Marketing, Dynamic Pricing, Chatbots and Virtual Assistants and many more, these activities are undergoing a substantial transformation with the advent of generative AI risks in recent times.
With enduring technological advancements, dependency on consumer data and financial transactions is rising day by day, along with its unforeseen risks, offering enhanced accessibility for both customers and financial gateway institutions, and for predators. Recent studies and surveys show that the increase in reported cyber incidents and ransomware attacks has been felt across sectors. The retail sector, however, has emerged as the most affected sector in 2025, with continuous unexpected attacks on M&S, Co-op and Harrods in recent times, which has badly shaken retail industries across the globe.
Despite global economic challenges, the retail sector in countries worldwide continues to innovate and adapt to digital transformation to meet the evolving needs of customers. New regulations and standards, such as the Product Security and Telecommunications Infrastructure (PSTI) Act, environmental, social, and governance (ESG), the Consumer Credit Information (CCI) framework, SOC, ISO, PCI DSS, Data Privacy, Consumer Privacy, CCPA, PDPA, GDPR, NIST etc., need to be carefully analyzed, and controls need to be defined while adapting to emerging technologies in this digital transformation period.
Retail industries are expected to comply with standards and regulatory requirements from the design and implementation stage, by creating a robust security framework and the necessary processes to demonstrate compliance with these regulations and laws. It is important for a cybersecurity team to identify the information flowing in and out of the organization, including to and from third parties, service providers and sub-contractors, ensuring the process is defined, assessed, monitored and managed to reduce risks.
CURRENT CHALLENGES
- Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015, at a growth rate of 15 percent year over year. Cybersecurity Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.
- Cyber-attacks on all businesses, but particularly small to medium-sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyber-attacks are aimed at small businesses, but only 14% are prepared to defend themselves.
- Software supply chain attacks hit three out of five companies in 2024
- Businesses Suffered 50% More Cyberattack Attempts per Week in 2024
- $43 billion stolen through Business Email Compromise
- Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC’s “2024 Ransomware Study.”
- The cyber threat is so pervasive that it is estimated to cost the world $10.5 trillion annually by 2025.
WHAT IS CHANGING IN THE RETAIL INDUSTRY
- Personalization
- Inventory Management
- Marketing and Advertising
- Customer Support
- Product Design and Development
- Enhanced Data Analytics
- Threat and Fraud Detection
- Cloud Migrations: moving data to Private/Public/Hybrid Cloud
- Mobile Banking
- Generative Artificial Intelligence (AI)
- Privacy Implementation across Geos for securing personal data
The most common trend in the retail industry today is the shift to digital transformation, specifically mobile and online banking, to increase availability, scalability and convenience for customers and ease the consumption process. As availability increases in today’s era of unprecedented cyber threats, retail industries must take exclusive steps to enable robust cybersecurity controls so that emerging technologies can be used with ease. Cybersecurity issues affecting online transactions are among the biggest concerns.
Cybercrimes are increasing because of technology’s rapid growth and widespread application without the required security measures. Retail industries must invest in next-generation security solutions to enhance the existing security posture, in continuous education to increase the competencies of security resources while adapting to new security trends, and in vigilance in their digital interactions.
RETAIL CYBER RISK BASE REQUIREMENTS AND RECOMMENDED SAFETY MEASURES
- Develop a robust security posture aligned to the Enterprise Threat landscape
- Enterprise Risk Management
- Build business resilience aligned to industry best standards.
- Real-time detection using continuous monitoring
- Give visibility into the effects and the extent of damage by saving logs and analyzing data
- Continually strengthen security methods so that correct decisions can be made. By putting these measures into practice, corporations can minimize the risks.
- Manage administrative privileges with appropriate authorization and authentication
- Cybersecurity Incident response plan in place.
- Training & Awareness.
WHAT TO EXPECT FOR RETAIL IN 2025 AND BEYOND
The practices and approaches used by retail industries are no longer limited to one or two. Day by day, they are significantly changing how challenges are addressed and managed in today’s threat environment, by adopting various new-gen security controls to increase business and cyber resilience.
In today’s digital society, in which ICT and Internet connectivity are indispensable, ensuring security controls are in place is one of the most essential requirements for managing the organization's culture effectively without falling prey to predators. It is also very important to change old legacy models and integrate current practices with new-gen security models to stay business resilient. Some of the key elements to revisit are:
- Protection of an ever-increasing attack surface will gain importance.
- Cloud Security Assessments and Implementation.
- Gen AI (Artificial Intelligence) based automation for gap analysis and reducing incident response times.
- Automating manual efforts in Risk Assessments, Stress Tests, Visualization and Reporting.
- 100% compliance with Data Privacy and Regulations.
- Global supply-chain issues will become data-protection issues.
- The DPO (Data Protection Officer) role will be in high demand.
The objective of data security planning and controlling in the current threat landscape is to minimize the risk of data loss and safeguard data across the organization. Data security is an ongoing process that needs to be understood, adapted, and aligned to industry best standards to stay resilient.
Knowing the emerging threats and vulnerabilities prevailing in the environment, retail industries should continuously adapt their processes, regulations and methods as technology changes, and constantly evolve in line with growing threats and emerging trends.
Post contributed by Kavitha Srinivasulu – Tata Consultancy Services