Retailers Push Cyber Resilience to the Fore as AI Threats Accelerate

High-Cost Breaches Raise the Stakes

When Marks & Spencer (M&S) announced a cyberattack that will cost about £300 million (~$400 million) and wipe almost £700 million off its market value, the retail world sat up. A week later, Co‑op revealed that a “malicious” cyberattack had hit its profits by £80 million. These headline-grabbing figures show that retail chains can pay very high prices when cyber threat actors strike. M&S found some comfort in their cyber insurance policy, which reportedly paid £100 million. But the maelstrom has enveloped the industry, making cyber resilience a business imperative.

Rising Cyber Attacks Force Retailers to Act

Retailers face a surge in cyberattacks as threat actors exploit AI tools. LevelBlue’s new Spotlight Report shows an industry under strain and racing to build cyber resilience. The report states that “67% of executives say media reports of high-profile breaches have pushed cybersecurity up the C-suite agenda”.

The pressure comes as attackers increase strike volume. 44% of retail executives report a significantly higher volume of attacks. 34% say their organisation suffered a breach during the past year.

Employees also face rising confusion. 63% of executives believe it is becoming harder for workers to identify real threats due to AI-enhanced deception.

Confidence Outpaces Preparedness

Retail leaders’ confidence does not align with defensive readiness. 49% say they are highly competent at defending against AI-enabled adversaries. Yet the report notes that only 25% feel prepared for AI-powered attacks, even though 45% expect them. Only 33% feel ready to defend against deepfake attacks, despite 44% expecting them within a year.

The report warns that organisations risk complacency if overconfidence prevents realistic assessments. Executives must “acknowledge the risks surrounding unknown unknowns” to avoid blind spots in their cyber resilience posture.

Cybersecurity Moves Into Strategy Discussions

The report shows that cybersecurity now influences business strategy. Retailers view cyber resilience as a foundation for trust and innovation. 44% report successful alignment between business risk appetite and cybersecurity risk management.

Still, only 37% allocate cybersecurity budgets at the start of new projects. The report finds that this significantly lags the global average. This gap limits secure innovation, especially as retailers push AI-powered shopping models and new marketplace platforms.

AI adoption continues despite security hesitations. Only 32% of executives express reluctance to adopt AI tools due to cyber risks. The press release highlights the concern, noting that “many of them remain unprepared” for AI-powered threats.

Organisational Culture Shifts Toward Shared Responsibility

Siloed approaches to cybersecurity continue to weaken resilience. Retailers are making progress, though unevenly. 60% of executives say their cybersecurity teams now integrate with lines of business. 51% say leadership roles include cybersecurity performance indicators. 40% say their organisation maintains a company-wide cybersecurity culture.

Some barriers show improvement. The percentage of executives who view leadership’s lack of cyber prioritisation as a barrier fell dramatically from 35% in 2024 to 17% in 2025. Governance awareness shows similar improvement.

Workforce training still lags. Only one-third of retailers used external training support during the past year, despite rising threats and growing complexity.

Attack Vectors Grow More Complex

Threat actors continue to weaponise AI to scale and personalise attacks. Retail executives expect a broad range of attack types in the next 12 months. More than 45% expect ransomware, phishing, account takeover, software supply chain attacks, and AI-powered attacks. The report states that attackers use AI to “craft more persuasive phishing messages” and create deepfakes for fraud campaigns.

Preparedness remains low across almost every attack category. Fewer than two-thirds of retailers feel prepared for any expected attack type.

Investment Focus Turns to Application Security

Retailers plan to strengthen defences with targeted investments. The report shows the top investment areas:

  • Application security: 66%
  • Cyber-resilience processes: 65%
  • Generative AI for social engineering defence: 63%
  • Machine learning for pattern matching: 63%

Only 32% invest significantly in Zero Trust Architecture, a concerning gap given its value in reducing lateral movement risks.

Software Supply Chain Risks Remain Underestimated

Supply chain threats remain a critical weak point. 47% of executives acknowledge a lack of visibility into their software supply chain. Few recognise its severity. Only 16% view open-source software risks as “very high,” and only 12% say insufficient visibility poses significant danger.

Retailers also under-invest in supply chain security. Only 22% say they prioritise engaging suppliers on security credentials. The same number invests significantly in software supply chain protection.

The report warns that attacks through software supply chains allow attackers to infiltrate ecosystems quietly and move laterally. These silent threats can spread malware to thousands before detection.

LevelBlue’s Four Steps for Strengthening Cyber Resilience

The report outlines four actions for retailers building cyber resilience:

  1. Push cyber resilience up the organisation. Integrate leadership oversight and measure cybersecurity performance.
  2. Embed cybersecurity responsibilities. Expand training, reporting processes, and cultural support.
  3. Be proactive. Adopt Zero Trust frameworks and advanced detection technologies, and engage external expertise.
  4. Prioritise supply-chain resilience. Increase visibility and require supplier security documentation.

The press release reinforces this call, stating that a “resilience-by-design playbook” is essential for defending clients, suppliers, and organisational data.