Moving the Needle: Taking Retail Businesses From ‘At Risk’ to Resilient

February 6, 2026

Cyberattacks on the retail sector are surging. Alongside the many attackers targeting the sector, retailers’ own resilience blind spots present critical security risks. Drawing on points made by Kroll’s President of Risk Advisory, Brent Tomlinson, at the Financial Times’ Cyber Resilience Summit on December 3, 2025, this article discusses why the retail sector continues to be a key focus for threat actors, before setting out the critical role of a resilience mindset in today’s demanding commercial and economic climate.

The Retail Risk Blind Spot

The Kroll Cyber Threat Intelligence team has observed a sharp increase in cyberattacks on the retail sector year-on-year, with a spike in ransomware and double extortion campaigns. It is clear that retail is under attack, but, as global consultancy McKinsey once pointed out, companies frequently plan for unpredictable black swan incidents yet often overlook more common gray rhino risks. This tendency to focus on the unlikely rather than the everyday has serious implications for a sector facing numerous threats.

The impact can be seen in high-profile and devastating security events such as the attack on UK retailer Marks & Spencer in April 2025, which led to four months of downtime and all of the company’s profits being wiped out. An attack on Jaguar Land Rover halted production for five weeks, led to a 17.1% drop in retail sales for the July-September quarter and cost the company £1.9 billion. As these examples demonstrate, cyberattacks create immediate financial and operational strain for retailers. Alongside the obvious challenges, financial stakeholders face liquidity pressure, covenant risk and insurance uncertainty. Legal teams must coordinate breach notifications, manage vendor liability and oversee forensic investigations that meet regulatory standards. Boards are required to navigate governance challenges and demonstrate control readiness. Private equity firms must assess portfolio-wide exposure and recovery maturity. The ripple effect runs from operations to finance to compliance and demands coordinated and decisive action in a highly pressured environment.

By adopting a resilience mindset and understanding the impact of more common risks, retailers can mitigate that impact.

Retail as a Lucrative Target

Whether you think a cybersecurity bad actor is a nation-state or a 15-year-old in a hoodie, they operate as a business. They are looking for a return on investment just as much as the executives of retail firms and other businesses. Retail offers attackers a great return for a whole host of reasons:

  • The sector is an environment rich with data such as personally identifiable information (PII), trade secrets and intellectual property—all of which is potentially valuable to threat actors.
  • Retail goes through waves in consumer and business cycles, where pressure mounts for an acute period of time. This creates leverage for a bad actor to strike at a point of vulnerability, knowing that an executive team or investor base may not withstand that attack and is probably more open to giving in to the request.
  • Many retail businesses are at risk as a result of outdated and unpatched technology due to a lack of investment in security or fears that security updates will disrupt the buyer’s experience.
  • Retail businesses have many complex third-party relationships. From payment processors to logistics providers, these are all access points for threat actors.

The Value of a Resilience Mindset

With so many risk factors and commercial pressures, it is vital that retail companies and their boards view resilience as a journey. This means going beyond cybersecurity to include physical assets, people, technology infrastructure and more. It also means understanding the interconnectedness of third parties and management of risk across the supply chain.

Small and medium-sized businesses represent a significant risk to retailers and other large organizations. Many of these will not have had the investment to upgrade their systems or extend their security monitoring as the IT infrastructure and business change. This can leave security gaps open, which an attacker could exploit to target the larger retailer, using the small or medium-sized business as an attack vector. At Kroll, we’re directly addressing these challenges for SMBs through a new partnership with CrowdStrike. Bringing together technical excellence with Kroll’s world-leading independent cyber advisory team means that SMBs can build their cyber resilience, ultimately strengthening the resilience of the supply chain and larger organizations that rely on them.

Understanding this broader context of cyber resilience will allow organizations to move away from viewing cybersecurity as a cost center and, instead, look at it as a value protection mechanism.

Similarities in Private Equity

Interestingly, we see a similar pattern emerging in private equity firms. Capital market upticks mean more transactions, and that often puts cyber resilience on the back burner. As with retailers, a failure to establish and maintain a resilience mindset means that vulnerabilities open up and attackers are ready and waiting to take advantage. In the private equity world, we see this having a direct impact on deal value, as renegotiations and costs are incurred as a result of cybersecurity issues.

Kroll is currently conducting a study to understand the impact of cybersecurity issues within private equity funds, including financial impact, deal disruption and projections for the importance of cyber risk in the future.

Advance Your Resilience with Kroll

Kroll helps retailers to safeguard against and manage disruption through integrated cyber, financial and operational support. We offer 24/7 threat monitoring, incident response and tailored threat intelligence to strengthen cyber defenses. We enable retail leaders to address complex challenges and achieve long-term resilience through integrated support across cyber, finance, governance and operational domains.

During crises, our restructuring team provides financial triage, refinancing guidance and interim leadership to stabilize operations. Our business transformation experts optimize store, supply chain and digital performance, using scenario modeling to improve liquidity and restore omnichannel growth. Our newly launched multiyear partnership with CrowdStrike is delivering best-of-breed managed detection and response (MDR) technology, accelerating customers’ cyber resilience worldwide. By consolidating multiple legacy tools and point products onto CrowdStrike’s unified, AI-native platform, we are delivering faster, more effective detection, investigation and full-cycle remediation, particularly for businesses tackling legacy systems, identity and access management and other security resilience-related issues.

As one of the top service providers preferred by major cyber insurance companies, we offer client-friendly incident response retainers for peace of mind. Our enterprise risk retainer helps organizations stay ahead of emerging risks with proactive risk management, financial predictability and expert-led incident response services.

We enable retail companies to address their security challenges through assessment services such as help desk social engineering testing, policy/playbook reviews, security operations assessments, cloud security assessments, identity security assessments, red team exercises and breach and attack simulation platforms.
