The retail industry’s cyber defenses are under increasing scrutiny. From customer details to financial information, a retailer's assets are attractive targets for cyber criminals to exploit.


An ever-changing retail cyber security landscape

The rapid growth of online retail, alongside in-store technology, has created many vulnerabilities for cyber criminals to exploit.

Intricate supply chains are also a fundamental part of retail. Not only are these difficult to manage, but suppliers also often have access to a retailer’s systems. The Target attack in 2014 is probably the most well-known attack on a supply chain. Attackers gained a foothold in a contractor’s network, and this is proving a popular method because suppliers' security measures are often less sophisticated.

Assessment of the security capabilities of third-party business partners has emerged as a priority for many retail and consumer companies. In-store payments are also in a state of flux. Outdated card payment technology has been blamed for many breaches worldwide. [1]

Retailers are focusing on advanced technologies such as point-to-point encryption, next-generation firewalls and tokenization. Despite widespread compliance with payment card industry (PCI) standards, cyber criminals have taken retailers by surprise.

With innovative use of technology becoming crucial for all retailers in order to attract and retain customers, effective security strategies are becoming more important than ever.

An effective security strategy must address actual, as opposed to merely perceived, threats. It must directly counter the erosion of online consumer trust.

The growth of online retail has meant many retailers have both a high street and web presence. But the threats on the Internet are diverse, with everything from cyber squatting to phishing and watering hole attacks putting retailers and their customers at risk.

How we can help

  • Executive management education & assurance on cyber security
  • Cyber security strategy, risk advice & health checks
  • ISO27001 & PCI DSS consultancy
  • Supply chain security posture discovery
  • Internal & external penetration testing of infrastructure, web and mobile apps
  • Red teaming & social engineering
  • Point of sale & payment device deep dive security assessments
  • Technology focused security assessments of innovative & emerging solutions
  • Cyber incident response, including malicious code discovery and analysis

[1] PwC (2016) -
