Retailers face growing cyber threats, particularly through their IT systems and email. These systems, integral to business operations, can become vulnerable entry points for cybercriminals seeking to exploit customer data. Understanding these threats and implementing robust defences is crucial for maintaining business reputation and customer trust.

The impact of cyber attacks on retail giants

In the United Kingdom, cyber attackers managed to cripple some of the country's biggest retail businesses — the attacks on Marks & Spencer (M&S) and the Co-op Food chain highlight the vulnerabilities. Initial access is believed to have been gained by tricking employees through social engineering, with reports of compromised credentials and possible abuse of IT helpdesk processes such as password resets.

Social engineering targets the people in a business, tricking individuals into divulging information that gives the attacker access to business systems [1].

The attacks resulted in widespread disruption to operations, lost revenue and reputational damage: the businesses were locked out of their own systems while the attackers accessed huge quantities of customers' personal information.

In the case of M&S, the iconic retailer was unable to accept contactless payments in store or trade online for almost two weeks, 200 of its workers lost shifts and there were empty shelves around the country.

The prolonged impact has been attributed to a ransomware attack that encrypted the company's servers after the hackers stole a database of passwords [2].

The Co-op Food network and the department store Harrods have also sustained cyber attacks, with cyber criminals claiming to hold the private information of 20 million people who signed up to Co-op's membership scheme.

The hackers made their first extortion demand to Co-op's security team via the British media, releasing breach details of 10,000 customers and claiming to have targeted business executives in their blackmail attempts.

Cyber threats to Australian retailers

Australian retail is also a prime target for threat actors, with 24% of cyber attacks aimed at the sector [3]. The increased reliance on systems for operational continuity, including eCommerce sales, large volumes of customer data and a high dependency on supply chains, has made the industry attractive to threat actors.

Since COVID-19 there has been an accelerated uptake of eCommerce platforms and online services, dramatically increasing the attack surface for financially motivated cybercrime groups. With 48% of retail organisations lacking a comprehensive ransomware prevention policy, retailers are seen as easy targets.

Cyber attacks on retailers aren't limited to eCommerce businesses: ransomware, data breaches and compromised suppliers or vendors can cause significant operational disruption and lead to reputational damage unless the incident is dealt with swiftly.

What is most concerning is that the attack methods and threat vectors vary from attack to attack, which makes prevention extremely challenging.

Examples include The Good Guys, which suffered an attack via a third party [4]; Retail Apparel Group [5], which fell victim to a ransomware attack; and the 14 million customer records exposed from Latitude Financial [6], affecting customers of retailers such as David Jones and JB Hi-Fi.

The risk to the retail sector is further compounded by increased regulatory scrutiny following the Optus and Medibank breaches, with regulators stepping up audits and enforcement.

Proactive investment in cyber security, third-party risk management and compliance is now essential to survive in the current cyber threat landscape.

Strengthening cybersecurity: key strategies for retailers

Retailers can take proactive steps to mitigate the risk of cyber attacks, enhance cyber security and help protect their business.

  1. Employee training: Regular training enables staff to recognise and resist social engineering attempts and empowers them to defend the business.
  2. Vulnerability scanning: Investing in systems that monitor and identify weaknesses in digital infrastructure helps close off the entry points cyber criminals look for. Penetration testing, a form of ethical hacking, gives a deeper understanding of your vulnerabilities by assessing your systems from an attacker's perspective rather than a defender's.
  3. Multi-factor authentication (MFA): Strengthen account security with MFA so that a stolen or reset password alone is not enough for a criminal to gain access to an account. Evaluate MFA methods carefully: not all are equal, and attackers are constantly looking for ways to bypass the weaker ones.
  4. Incident response planning: Creating a plan that can be swiftly implemented in the event of a cyber attack can make a vast difference to its impact and severity. Plans should consider all eventualities and include effective communication strategies to maintain business and stakeholder confidence during disruptions.
  5. Cyber insurance: Consider business cyber insurance to support recovery efforts, minimise financial impact and get the business back to fully operational status.

Building a resilient cyber defence strategy in retail

  • Stress-test business continuity and crisis response plans for cyber attacks to ensure readiness for ransomware impacts, including fallback procedures for manual ordering, inventory control and rapid restoration of key services. It is also vital to test crisis communications plans, to be able to maintain confidence and trust across customers, suppliers and, for listed organisations, shareholders.
  • Financial preparedness to survive large-scale operational disruption: test your financial resilience. Costs from business interruption — and the costs of IT recovery — can quickly escalate, so ensure access to capital and/or adequate insurance protection to facilitate recovery.
  • Supply chain cyber security: improve cyber security rigour across service providers and IT vendors, particularly IT support desks and third-party suppliers. Understand your dependencies and quantify the risks to safeguard against potential breaches.
  • Access and identity management: implement stringent access controls to prevent privilege escalation and reduce exposure to social engineering attacks [7].

Gallagher cyber defence solutions

At Gallagher we offer tailored cybersecurity solutions to help retailers strengthen their cyber risk management strategies. Our cyber security experts are ready to assist in enhancing your cyber profile. Connect with us to explore how we can support your business.

Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312.