GITNUXREPORT 2026

Retail Cybersecurity Statistics

Ransomware attacks on retailers are rising sharply in cost and complexity.

Diana Reeves

Written by Diana Reeves·Edited by Megan Gallagher·Fact-checked by Rajesh Patel

Published Feb 13, 2026·Last verified Feb 13, 2026·Next review: Aug 2026

How We Build This Report

01
Primary Source Collection

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

02
Editorial Curation

Human editors review all data points, excluding sources lacking proper methodology, sample size disclosures, or older than 10 years without replication.

03
AI-Powered Verification

Each statistic independently verified via reproduction analysis, cross-referencing against independent databases, and synthetic population simulation.

04
Human Cross-Check

Final human editorial review of all AI-verified statistics. Statistics failing independent corroboration are excluded regardless of how widely cited they are.

Statistics that could not be independently verified are excluded regardless of how widely cited they are elsewhere.

Our process →

Key Statistics

Statistic 1

Retail security budgets increased by an average of 9% in 2023

Statistic 2

65% of retailers are not fully compliant with the latest version of PCI DSS 4.0

Statistic 3

The average retailer uses 75 different security tools across their infrastructure

Statistic 4

48% of retailers struggle to monitor the security of their remote workers' connections

Statistic 5

Cyber insurance premiums for retailers rose by 25% on average in the last year

Statistic 6

72% of retailers have implemented Multi-Factor Authentication (MFA) for internal systems

Statistic 7

33% of retail IT infrastructure is now hosted in the public cloud

Statistic 8

55% of retail organizations have a dedicated Chief Information Security Officer (CISO)

Statistic 9

Retailers spend 12% of their total IT budget on cybersecurity

Statistic 10

20% of retail stores still use legacy Windows 7 or older for POS systems

Statistic 11

Only 42% of retailers have a formal vulnerability management program

Statistic 12

1 in 3 retailers failed their most recent security audit due to poor access controls

Statistic 13

60% of retailers have an incident response plan, but only half test it annually

Statistic 14

15% of retail cyber investment is dedicated to "Cloud Security Posture Management" (CSPM)

Statistic 15

Retailers face an average of 3 regulatory investigations annually related to data privacy

Statistic 16

40% of retailers cite "lack of skilled security staff" as their #1 infrastructure hurdle

Statistic 17

88% of retailers require their third-party vendors to meet specific security standards

Statistic 18

Deployment of Zero Trust architecture in retail grew by 15% in 2023

Statistic 19

25% of retail security spend is allocated to endpoint protection systems

Statistic 20

Infrastructure downtime due to cyberattacks costs retailers $400,000 per hour on average

Statistic 21

50% of retailers perform penetration testing only once a year or less

Statistic 22

12% of retail IT budgets are wasted on redundant or underutilized security tools

Statistic 23

Retailers in the EU are 20% more likely to encrypt data than US retailers due to GDPR

Statistic 24

70% of retail CISOs report directly to the CEO or COO

Statistic 25

35% of retailers use AI-driven tools to automate compliance reporting

Statistic 26

18% of retailers have no policy for managing the security of IoT devices in-store

Statistic 27

Cyber insurance claims in retail are denied in 10% of cases due to poor security hygiene

Statistic 28

45% of retailers use a Managed Security Service Provider (MSSP) for 24/7 monitoring

Statistic 29

Retailers prioritize IAM (Identity Access Management) as their top spending priority in 2024

Statistic 30

92% of retailers believe that passing a PCI audit does not mean they are fully secure

Statistic 31

37% of retail data breaches involve the use of stolen credentials

Statistic 32

The average cost of a data breach in the retail industry is $3.28 million

Statistic 33

It takes an average of 207 days for a retailer to identify a data breach

Statistic 34

Personally Identifiable Information (PII) is involved in 98% of retail data breaches

Statistic 35

15% of retail data breaches are caused by human error or accidental disclosure

Statistic 36

70% of retail customers say they would stop shopping at a retailer that suffered a data breach

Statistic 37

The cost per record lost in a retail data breach is approximately $164

Statistic 38

25% of retail data breaches involve internal actors

Statistic 39

Retailers that have an incident response team and plan save $1.2 million per breach

Statistic 40

40% of retail data breaches occur through vulnerabilities in third-party supply chain partners

Statistic 41

Consumer credit card information is the target of 60% of all retail breaches

Statistic 42

13% of retail breaches are the result of physical theft of hardware

Statistic 43

Small retailers (under 1,000 employees) see an average breach cost of $2.5 million

Statistic 44

58% of retail security leaders believe their data is more vulnerable in the cloud than on-premise

Statistic 45

10% of retail data breaches are attributed to nation-state actors seeking economic data

Statistic 46

Misconfigured cloud databases account for 18% of retail data leaks

Statistic 47

Retailers with high levels of security automation experience 50% lower breach costs

Statistic 48

82% of retail data breaches involved a "human element" (soc. engineering or error)

Statistic 49

The average time to contain a retail data breach is 69 days

Statistic 50

Loyalty program data accounts for 12% of data stolen in retail breaches

Statistic 51

Dark web listings for stolen retail customer credentials increased by 20% in 2023

Statistic 52

33% of retail breaches involve scanning for open ports and services

Statistic 53

Data breaches caused by lost or stolen devices cost retailers an average of $3.9 million

Statistic 54

Only 28% of retailers encrypt all customer data at rest

Statistic 55

45% of retailers say they have no way of knowing if a third-party partner was breached

Statistic 56

5% of retail breaches are discovered by the retailer themselves; most are found by law enforcement

Statistic 57

Post-breach legal costs for retailers average $580,000 per incident

Statistic 58

62% of retail data breaches are linked to financially motivated organized crime

Statistic 59

Breaches involving the "Internet of Things" (IoT) in retail stores have grown by 150%

Statistic 60

21% of retailers experienced a breach specifically targeting leur SQL databases

Statistic 61

Retailers faced 115 billion credential stuffing attacks in 2022-2023

Statistic 62

30% of all global bot traffic is directed at the retail industry

Statistic 63

Account Takeover (ATO) attacks against retailers increased by 110% year-over-year

Statistic 64

Gift card balance checking bots increased by 200% during the holiday period

Statistic 65

15% of retail revenue is lost to bot-driven fraud and inventory hoarding

Statistic 66

Scalper bots account for 25% of traffic during limited-edition product drops in retail

Statistic 67

28% of retail organizations have no specific strategy to mitigate bot traffic

Statistic 68

Scraping bots steal pricing data from 60% of major e-commerce sites every 15 minutes

Statistic 69

Credential stuffing has a 0.5% success rate, which is enough to compromise thousands of retail accounts daily

Statistic 70

Magecart-style digital skimming attacks hit an average of 1,500 retail sites monthly

Statistic 71

12% of e-commerce checkout pages contain at least one malicious third-party script

Statistic 72

Only 35% of retailers use CAPTCHA or advanced bot detection at login

Statistic 73

API-based attacks on retail platforms grew by 35% in 2023

Statistic 74

50% of retailers have experienced a "denial of inventory" attack by bots

Statistic 75

"Grinch bots" targeting toys and electronics caused a 40% uptick in infrastructure costs for retailers

Statistic 76

1 in 4 retail mobile apps contains a vulnerability that could allow for account takeover

Statistic 77

68% of retail bots are categorized as "advanced persistent bots" that mimic human behavior

Statistic 78

Fraudulent account creation in retail increased by 64% in 2023

Statistic 79

Retailers spend 10% of their IT budget specifically on e-commerce fraud prevention

Statistic 80

22% of retail cart abandonments are caused by aggressive security verification steps

Statistic 81

Formjacking, where attackers steal data from web forms, saw a 20% rise in the retail sector

Statistic 82

Online retailers face an average of 200,000 bot login attempts per hour during sales

Statistic 83

5% of e-commerce traffic is "click fraud" targeting retail advertising budgets

Statistic 84

80% of retailers believe that API security is their biggest blind spot in e-commerce

Statistic 85

Bot attacks during "Black Friday" are 3x higher than a typical day in the retail industry

Statistic 86

Fake account registrations for loyalty programs increased by 45% in 2023

Statistic 87

31% of retailers have experienced a DDoS attack targeting their web storefront

Statistic 88

Digital skimming attacks take an average of 45 days to be detected by the merchant

Statistic 89

42% of retail IT leaders cite mobile bot attacks as a growing threat to their revenue

Statistic 90

Phishing accounts for 36% of all cyberattacks directed at the retail sector

Statistic 91

1 in every 95 emails received by retail employees is a phishing attempt

Statistic 92

86% of retail organizations were targeted by at least one successful phishing attack in 2022

Statistic 93

40% of retail phishing attacks use "urgent price drop" or "order confirmation" themes

Statistic 94

Business Email Compromise (BEC) attacks on retailers cost an average of $80,000 per incident

Statistic 95

30% of retail employees clicked on a phishing link in a simulated test

Statistic 96

Spear-phishing targeting retail executives has increased by 18% since 2021

Statistic 97

74% of retail phishing sites now use HTTPS to appear legitimate to consumers

Statistic 98

52% of retailers cite social engineering as their top cybersecurity concern for holiday seasons

Statistic 99

Smishing (SMS phishing) attacks targeting retail customers grew by 300% in 2023

Statistic 100

12% of retail phishing attacks are conducted via social media messaging platforms

Statistic 101

65% of retail BEC attacks involve the impersonation of a vendor or supplier

Statistic 102

Phishing-related credential theft in retail rose by 45% between 2022 and 2023

Statistic 103

24% of retail employees who fell for a phishing lure did so on a mobile device

Statistic 104

Quishing (QR Code Phishing) has been detected in 5% of retail-themed physical store scams

Statistic 105

Retail workers are 3x more likely to click on a phishing link than financial services workers

Statistic 106

38% of retailers do not conduct regular security awareness training for seasonal staff

Statistic 107

15% of retail phishing emails contain malicious macros in an attachment

Statistic 108

"Gift Card" scams account for 10% of social engineering losses in the retail sector

Statistic 109

Retailers spend an average of $150,000 annually on phishing defense tools

Statistic 110

90% of BEC attacks in retail utilize free webmail providers to spoof addresses

Statistic 111

Voice phishing (vishing) calls impersonating tech support hit 7% of retail outlets

Statistic 112

48% of retail organizations say their phishing defense training has reduced click rates by half

Statistic 113

Phishing campaigns targeting retail employees peak on Monday mornings between 8 AM and 10 AM

Statistic 114

22% of retail phishing links lead to a site asking for multifactor authentication (MFA) codes

Statistic 115

61% of retail IT departments say remote work has made phishing harder to prevent

Statistic 116

Retailers experience an average of 4 successful social engineering breaches annually

Statistic 117

5% of retail phishing attempts are "callback phishing" where users are asked to call a number

Statistic 118

Phishing awareness improves by 20% in retailers that conduct monthly testing vs quarterly

Statistic 119

19% of retail employees admit to reusing personal passwords for work systems

Statistic 120

77% of retail organizations were hit by ransomware in 2022, up from 44% in 2021

Statistic 121

The average ransom payment in the retail sector is $438,302

Statistic 122

Nearly 50% of retail cyberattacks involve the use of malware to exfiltrate customer data

Statistic 123

26% of retail organizations hit by ransomware paid the ransom to get their data back

Statistic 124

92% of retail IT professionals reported a significant increase in the complexity of ransomware attacks

Statistic 125

The volume of ransomware attacks in retail increased by 75% year-over-year in 2023

Statistic 126

1 in 5 retail data breaches are caused by destructive malware meant to disrupt operations

Statistic 127

Retailers face an average of 1,200 malware attempts per week per organization

Statistic 128

Spyware accounts for 15% of all malware infections found within retail Point of Sale (POS) systems

Statistic 129

43% of retail ransomware attacks start with a compromised credential exploiting a remote access tool

Statistic 130

Ransomware recovery costs for retailers average $1.97 million per incident, excluding the ransom payment

Statistic 131

Emotet malware remains the primary threat vector for 12% of retail banking credentials theft

Statistic 132

67% of retail organizations recovered their data using backups rather than paying the ransom

Statistic 133

34% of malware found in retail environments is delivered via encrypted HTTPS traffic to evade detection

Statistic 134

Infostealer malware infections in the retail sector grew by 30% in the last 12 months

Statistic 135

8% of retail devices are infected with "dormant" malware waiting for peak holiday shopping seasons

Statistic 136

Retail organizations see a 40% spike in ransomware attempts during the month of December

Statistic 137

55% of malware infections in retail occur through unpatched server vulnerabilities

Statistic 138

Cryptojacking attacks on retail IT infrastructure increased by 143% in 2023

Statistic 139

22% of retailers admitted to losing customer trust permanently after a ransomware infection

Statistic 140

Ransomware hit 44% of small retail businesses with less than 500 employees

Statistic 141

Adware makes up 33% of the total malware detected on retail endpoint devices

Statistic 142

18% of retail organizations took longer than one month to recover from a ransomware attack

Statistic 143

Malware targeting POS systems has evolved to include memory-scraping capabilities in 88% of cases

Statistic 144

12% of retail malware is distributed via malicious advertising (malvertising) on shopping blogs

Statistic 145

Ransomware-as-a-Service (RaaS) kits were used in 60% of retail attacks in 2023

Statistic 146

Only 32% of retail employees can correctly identify a malware-laden file extension

Statistic 147

47% of retailers use automated tools to scrub malware from web-facing applications daily

Statistic 148

Mobile malware targeting retail shopping apps grew by 50% in the last year

Statistic 149

The average time a ransomware actor spends inside a retail network before encrypting is 11 days

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
Imagine a world where a staggering 77% of retailers were taken hostage by ransomware in just one year, a startling escalation that frames a critical introduction to the escalating and costly cyber warfare facing the retail industry today.

Key Takeaways

  • 77% of retail organizations were hit by ransomware in 2022, up from 44% in 2021
  • The average ransom payment in the retail sector is $438,302
  • Nearly 50% of retail cyberattacks involve the use of malware to exfiltrate customer data
  • 37% of retail data breaches involve the use of stolen credentials
  • The average cost of a data breach in the retail industry is $3.28 million
  • It takes an average of 207 days for a retailer to identify a data breach
  • Phishing accounts for 36% of all cyberattacks directed at the retail sector
  • 1 in every 95 emails received by retail employees is a phishing attempt
  • 86% of retail organizations were targeted by at least one successful phishing attack in 2022
  • Retailers faced 115 billion credential stuffing attacks in 2022-2023
  • 30% of all global bot traffic is directed at the retail industry
  • Account Takeover (ATO) attacks against retailers increased by 110% year-over-year
  • Retail security budgets increased by an average of 9% in 2023
  • 65% of retailers are not fully compliant with the latest version of PCI DSS 4.0
  • The average retailer uses 75 different security tools across their infrastructure

Ransomware attacks on retailers are rising sharply in cost and complexity.

Compliance & Infrastructure

1Retail security budgets increased by an average of 9% in 2023
Verified
265% of retailers are not fully compliant with the latest version of PCI DSS 4.0
Verified
3The average retailer uses 75 different security tools across their infrastructure
Verified
448% of retailers struggle to monitor the security of their remote workers' connections
Directional
5Cyber insurance premiums for retailers rose by 25% on average in the last year
Single source
672% of retailers have implemented Multi-Factor Authentication (MFA) for internal systems
Verified
733% of retail IT infrastructure is now hosted in the public cloud
Verified
855% of retail organizations have a dedicated Chief Information Security Officer (CISO)
Verified
9Retailers spend 12% of their total IT budget on cybersecurity
Directional
1020% of retail stores still use legacy Windows 7 or older for POS systems
Single source
11Only 42% of retailers have a formal vulnerability management program
Verified
121 in 3 retailers failed their most recent security audit due to poor access controls
Verified
1360% of retailers have an incident response plan, but only half test it annually
Verified
1415% of retail cyber investment is dedicated to "Cloud Security Posture Management" (CSPM)
Directional
15Retailers face an average of 3 regulatory investigations annually related to data privacy
Single source
1640% of retailers cite "lack of skilled security staff" as their #1 infrastructure hurdle
Verified
1788% of retailers require their third-party vendors to meet specific security standards
Verified
18Deployment of Zero Trust architecture in retail grew by 15% in 2023
Verified
1925% of retail security spend is allocated to endpoint protection systems
Directional
20Infrastructure downtime due to cyberattacks costs retailers $400,000 per hour on average
Single source
2150% of retailers perform penetration testing only once a year or less
Verified
2212% of retail IT budgets are wasted on redundant or underutilized security tools
Verified
23Retailers in the EU are 20% more likely to encrypt data than US retailers due to GDPR
Verified
2470% of retail CISOs report directly to the CEO or COO
Directional
2535% of retailers use AI-driven tools to automate compliance reporting
Single source
2618% of retailers have no policy for managing the security of IoT devices in-store
Verified
27Cyber insurance claims in retail are denied in 10% of cases due to poor security hygiene
Verified
2845% of retailers use a Managed Security Service Provider (MSSP) for 24/7 monitoring
Verified
29Retailers prioritize IAM (Identity Access Management) as their top spending priority in 2024
Directional
3092% of retailers believe that passing a PCI audit does not mean they are fully secure
Single source

Compliance & Infrastructure Interpretation

Even with a robust 9% budget increase, the retail sector's cybersecurity posture remains a patchwork quilt of advanced tools and alarming gaps, where throwing money at the problem hasn't yet solved the foundational issues of compliance, legacy systems, and human oversight.

Data Breaches & Privacy

137% of retail data breaches involve the use of stolen credentials
Verified
2The average cost of a data breach in the retail industry is $3.28 million
Verified
3It takes an average of 207 days for a retailer to identify a data breach
Verified
4Personally Identifiable Information (PII) is involved in 98% of retail data breaches
Directional
515% of retail data breaches are caused by human error or accidental disclosure
Single source
670% of retail customers say they would stop shopping at a retailer that suffered a data breach
Verified
7The cost per record lost in a retail data breach is approximately $164
Verified
825% of retail data breaches involve internal actors
Verified
9Retailers that have an incident response team and plan save $1.2 million per breach
Directional
1040% of retail data breaches occur through vulnerabilities in third-party supply chain partners
Single source
11Consumer credit card information is the target of 60% of all retail breaches
Verified
1213% of retail breaches are the result of physical theft of hardware
Verified
13Small retailers (under 1,000 employees) see an average breach cost of $2.5 million
Verified
1458% of retail security leaders believe their data is more vulnerable in the cloud than on-premise
Directional
1510% of retail data breaches are attributed to nation-state actors seeking economic data
Single source
16Misconfigured cloud databases account for 18% of retail data leaks
Verified
17Retailers with high levels of security automation experience 50% lower breach costs
Verified
1882% of retail data breaches involved a "human element" (soc. engineering or error)
Verified
19The average time to contain a retail data breach is 69 days
Directional
20Loyalty program data accounts for 12% of data stolen in retail breaches
Single source
21Dark web listings for stolen retail customer credentials increased by 20% in 2023
Verified
2233% of retail breaches involve scanning for open ports and services
Verified
23Data breaches caused by lost or stolen devices cost retailers an average of $3.9 million
Verified
24Only 28% of retailers encrypt all customer data at rest
Directional
2545% of retailers say they have no way of knowing if a third-party partner was breached
Single source
265% of retail breaches are discovered by the retailer themselves; most are found by law enforcement
Verified
27Post-breach legal costs for retailers average $580,000 per incident
Verified
2862% of retail data breaches are linked to financially motivated organized crime
Verified
29Breaches involving the "Internet of Things" (IoT) in retail stores have grown by 150%
Directional
3021% of retailers experienced a breach specifically targeting leur SQL databases
Single source

Data Breaches & Privacy Interpretation

Even the most trusted employee password is but a short, lazy stroll for a thief, leading to a shockingly expensive and slow-motion disaster where nearly every customer record is ultimately handed over, proving that in retail, the greatest threat to security isn't the software you didn't buy, but the human mistake you didn't train for.

E-commerce & Bot Attacks

1Retailers faced 115 billion credential stuffing attacks in 2022-2023
Verified
230% of all global bot traffic is directed at the retail industry
Verified
3Account Takeover (ATO) attacks against retailers increased by 110% year-over-year
Verified
4Gift card balance checking bots increased by 200% during the holiday period
Directional
515% of retail revenue is lost to bot-driven fraud and inventory hoarding
Single source
6Scalper bots account for 25% of traffic during limited-edition product drops in retail
Verified
728% of retail organizations have no specific strategy to mitigate bot traffic
Verified
8Scraping bots steal pricing data from 60% of major e-commerce sites every 15 minutes
Verified
9Credential stuffing has a 0.5% success rate, which is enough to compromise thousands of retail accounts daily
Directional
10Magecart-style digital skimming attacks hit an average of 1,500 retail sites monthly
Single source
1112% of e-commerce checkout pages contain at least one malicious third-party script
Verified
12Only 35% of retailers use CAPTCHA or advanced bot detection at login
Verified
13API-based attacks on retail platforms grew by 35% in 2023
Verified
1450% of retailers have experienced a "denial of inventory" attack by bots
Directional
15"Grinch bots" targeting toys and electronics caused a 40% uptick in infrastructure costs for retailers
Single source
161 in 4 retail mobile apps contains a vulnerability that could allow for account takeover
Verified
1768% of retail bots are categorized as "advanced persistent bots" that mimic human behavior
Verified
18Fraudulent account creation in retail increased by 64% in 2023
Verified
19Retailers spend 10% of their IT budget specifically on e-commerce fraud prevention
Directional
2022% of retail cart abandonments are caused by aggressive security verification steps
Single source
21Formjacking, where attackers steal data from web forms, saw a 20% rise in the retail sector
Verified
22Online retailers face an average of 200,000 bot login attempts per hour during sales
Verified
235% of e-commerce traffic is "click fraud" targeting retail advertising budgets
Verified
2480% of retailers believe that API security is their biggest blind spot in e-commerce
Directional
25Bot attacks during "Black Friday" are 3x higher than a typical day in the retail industry
Single source
26Fake account registrations for loyalty programs increased by 45% in 2023
Verified
2731% of retailers have experienced a DDoS attack targeting their web storefront
Verified
28Digital skimming attacks take an average of 45 days to be detected by the merchant
Verified
2942% of retail IT leaders cite mobile bot attacks as a growing threat to their revenue
Directional

E-commerce & Bot Attacks Interpretation

Retailers are fighting a war where the enemy is a tireless, automated army that steals from the till, hoards the shelves, and has the audacity to use your own checkout line to do it, all while a shocking number of stores are still checking the locks on the front door long after the bots have jimmied every other window.

Phishing & Social Engineering

1Phishing accounts for 36% of all cyberattacks directed at the retail sector
Verified
21 in every 95 emails received by retail employees is a phishing attempt
Verified
386% of retail organizations were targeted by at least one successful phishing attack in 2022
Verified
440% of retail phishing attacks use "urgent price drop" or "order confirmation" themes
Directional
5Business Email Compromise (BEC) attacks on retailers cost an average of $80,000 per incident
Single source
630% of retail employees clicked on a phishing link in a simulated test
Verified
7Spear-phishing targeting retail executives has increased by 18% since 2021
Verified
874% of retail phishing sites now use HTTPS to appear legitimate to consumers
Verified
952% of retailers cite social engineering as their top cybersecurity concern for holiday seasons
Directional
10Smishing (SMS phishing) attacks targeting retail customers grew by 300% in 2023
Single source
1112% of retail phishing attacks are conducted via social media messaging platforms
Verified
1265% of retail BEC attacks involve the impersonation of a vendor or supplier
Verified
13Phishing-related credential theft in retail rose by 45% between 2022 and 2023
Verified
1424% of retail employees who fell for a phishing lure did so on a mobile device
Directional
15Quishing (QR Code Phishing) has been detected in 5% of retail-themed physical store scams
Single source
16Retail workers are 3x more likely to click on a phishing link than financial services workers
Verified
1738% of retailers do not conduct regular security awareness training for seasonal staff
Verified
1815% of retail phishing emails contain malicious macros in an attachment
Verified
19"Gift Card" scams account for 10% of social engineering losses in the retail sector
Directional
20Retailers spend an average of $150,000 annually on phishing defense tools
Single source
2190% of BEC attacks in retail utilize free webmail providers to spoof addresses
Verified
22Voice phishing (vishing) calls impersonating tech support hit 7% of retail outlets
Verified
2348% of retail organizations say their phishing defense training has reduced click rates by half
Verified
24Phishing campaigns targeting retail employees peak on Monday mornings between 8 AM and 10 AM
Directional
2522% of retail phishing links lead to a site asking for multifactor authentication (MFA) codes
Single source
2661% of retail IT departments say remote work has made phishing harder to prevent
Verified
27Retailers experience an average of 4 successful social engineering breaches annually
Verified
285% of retail phishing attempts are "callback phishing" where users are asked to call a number
Verified
29Phishing awareness improves by 20% in retailers that conduct monthly testing vs quarterly
Directional
3019% of retail employees admit to reusing personal passwords for work systems
Single source

Phishing & Social Engineering Interpretation

If retailers treat phishing as a mostly-email nuisance to be clicked through like terms and conditions, the statistics confirm they'll be paying a high premium for their apathy—about $80,000 per executive blunder and countless consumer credentials—with their own employees three times more likely to take the bait than a banker.

Ransomware & Malware

177% of retail organizations were hit by ransomware in 2022, up from 44% in 2021
Verified
2The average ransom payment in the retail sector is $438,302
Verified
3Nearly 50% of retail cyberattacks involve the use of malware to exfiltrate customer data
Verified
426% of retail organizations hit by ransomware paid the ransom to get their data back
Directional
592% of retail IT professionals reported a significant increase in the complexity of ransomware attacks
Single source
6The volume of ransomware attacks in retail increased by 75% year-over-year in 2023
Verified
71 in 5 retail data breaches are caused by destructive malware meant to disrupt operations
Verified
8Retailers face an average of 1,200 malware attempts per week per organization
Verified
9Spyware accounts for 15% of all malware infections found within retail Point of Sale (POS) systems
Directional
1043% of retail ransomware attacks start with a compromised credential exploiting a remote access tool
Single source
11Ransomware recovery costs for retailers average $1.97 million per incident, excluding the ransom payment
Verified
12Emotet malware remains the primary threat vector for 12% of retail banking credentials theft
Verified
1367% of retail organizations recovered their data using backups rather than paying the ransom
Verified
1434% of malware found in retail environments is delivered via encrypted HTTPS traffic to evade detection
Directional
15Infostealer malware infections in the retail sector grew by 30% in the last 12 months
Single source
168% of retail devices are infected with "dormant" malware waiting for peak holiday shopping seasons
Verified
17Retail organizations see a 40% spike in ransomware attempts during the month of December
Verified
1855% of malware infections in retail occur through unpatched server vulnerabilities
Verified
19Cryptojacking attacks on retail IT infrastructure increased by 143% in 2023
Directional
2022% of retailers admitted to losing customer trust permanently after a ransomware infection
Single source
21Ransomware hit 44% of small retail businesses with less than 500 employees
Verified
22Adware makes up 33% of the total malware detected on retail endpoint devices
Verified
2318% of retail organizations took longer than one month to recover from a ransomware attack
Verified
24Malware targeting POS systems has evolved to include memory-scraping capabilities in 88% of cases
Directional
2512% of retail malware is distributed via malicious advertising (malvertising) on shopping blogs
Single source
26Ransomware-as-a-Service (RaaS) kits were used in 60% of retail attacks in 2023
Verified
27Only 32% of retail employees can correctly identify a malware-laden file extension
Verified
2847% of retailers use automated tools to scrub malware from web-facing applications daily
Verified
29Mobile malware targeting retail shopping apps grew by 50% in the last year
Directional
30The average time a ransomware actor spends inside a retail network before encrypting is 11 days
Single source

Ransomware & Malware Interpretation

While ransomware is turning retail's cash registers into ransom registers at a dizzying pace, with attacks ballooning and costs soaring, the silver lining is that a savvy two-thirds of retailers are telling hackers to take a hike by restoring from backups instead of paying up.

Sources & References

Logos provided by Logo.dev