What do Cartier, The North Face, Adidas and Victoria’s Secret have in common? They have all been victims of cyberattacks in 2025. Victoria’s Secret was hit especially hard as the digital assault took place during its multi-day Memorial Day sale, and the brand had to shut down the site to restore operations. The lingerie retailer’s chief financial officer Scott Sekella said that the retailer took an estimated US$10 million hit in its second-quarter operating income from the cyberattack.
American retail brands aren’t the only ones that have been hit by a cyberattack this year.
British retailers, including Marks & Spencer and Harrods, have also suffered cybersecurity breaches in the past few months.
What made these major retailers susceptible to digital onslaughts of this nature?
As John Walsh, the field chief technology officer of Igel Technology and a leading cybersecurity expert, told Inside Retail, “Retailers aren’t just selling products anymore, they’re custodians of sensitive data and digital trust.”
However, data shows that many retailers aren’t taking the necessary steps to fully protect their data from theft.
PwC’s 2025 Global Digital Trust Insights Survey found that only 2 per cent of businesses surveyed have implemented cyber resilience actions across their organisations, despite substantial digital investments.
This is particularly notable for retailers, where a 17 per cent confidence gap exists between chief information security officers (CISOs), chief security officers (CSOs) and CEOs regarding AI and resilience compliance, compared with a 13 per cent disparity across all sectors.
“The recent breaches at brands like Cartier and The North Face show how exposed even high-profile brands are when the right security frameworks aren’t in place,” Walsh observed.
What factors are behind the recent rise in cyberattacks?
Walsh noted that the spike in cyberattacks reflects several converging trends, including automation, AI and opportunism.
“Tools once used by advanced threat actors are now mainstream, making sophisticated attacks easier and faster to launch,” Walsh stated. “With retailers operating across vast networks of devices, platforms and third-party providers, the digital footprint has never been more attractive to attackers.”
“In retail, everything from mobile checkout to backend fulfillment relies on endpoint reliability. But many of those endpoints are inconsistently secured, and that’s where breaches begin,” he elaborated.
In addition, retailers that are rapidly expanding their commerce footprint across social platforms like Facebook and TikTok have introduced new threat surfaces.
Walsh noted that phishing, a type of social engineering attack often used to steal customer data, such as login credentials or credit card numbers, and credential harvesting are no longer confined to email. Today’s attackers can exploit social media, short message services (SMS) and even brand impersonation to lure customers and staff alike.
Additionally, Walsh reflected that AI has enabled a new class of attacks that mutate constantly.
“Techniques and tools once developed by nation-state actors are now released ‘into the wild’, giving everyday cybercriminals access to powerful capabilities. These ‘living off the land’ attacks are harder to detect and evolve rapidly,” he warned.
The reality is that retailers who rely on outdated defenses can’t match the pace of modern threats.
“Adopting fluid, adaptive frameworks, especially those that treat identity and endpoint trust as dynamic, not static, is now non-negotiable,” stated Walsh.
How brands can protect themselves from cybersecurity attacks
Walsh broke down six operational shifts that retailers should consider making to improve cybersecurity:
Secure your endpoints first
“In retail, the endpoint is the frontline, it’s where transactions happen, identities are verified and often where vulnerabilities are exploited,” Walsh stated.
To help avoid vulnerabilities, retailers should use lightweight, hardened operating environments that can be centrally managed and easily reset. Read-only designs, like those found in some modern endpoint platforms, can minimise malware dwell time and simplify recovery.
Educating end users about password hygiene, tokenisation and secure payment behaviors (e.g., avoiding debit card entry at POS) further strengthens this first layer.
Make security invisible, not burdensome
Walsh commented, “Retail staff need fast access, not friction.”
This means single sign-on (SSO), automated patches and non-intrusive controls that work behind the scenes.
“Seamless security integration keeps stores running without compromising protection. Effective security should be present but unseen, operating as part of the natural workflow,” he said.
Watch the back door: third-party vendors
From shipping to analytics, third-party vendors are often granted system access without robust oversight, Walsh pointed out.
This means that it’s essential to conduct regular audits, apply zero trust principles and hold vendors to the same security standards as internal teams. Retailers should consistently work to ensure continuous validation of vendor risk.
Design for containment
“When incidents happen (and they will), fast recovery matters,” Walsh cautioned.
Retailers need to invest in technologies that restore known-good configurations, which can prevent hours of downtime and protect brand reputation in the process.
Build a cyber-aware culture
“Cashiers and store managers are as important to security as your CISO,” said Walsh.
Quick training refreshers, phishing simulations and clear escalation paths empower frontline workers to act as the first line of defense.
Even top-level executives have been found using weak passwords, making basic cybersecurity-related hygiene essential at all levels.
Align security with efficiency
Security doesn’t have to be a trade-off for efficiency.
Some endpoint platforms support both strong cyber hygiene and reduced IT expenses by enabling longer device lifecycles and streamlined management.
In a cost-sensitive environment like retail, this alignment is a strategic advantage, Walsh added.
What retailers need to keep in mind about cybersecurity
“Cyber resilience is the real differentiator in today’s retail world,” warned Walsh.
“Customers may not notice when your systems are secure, but they’ll remember when they’re not. Investing in stability and trust isn’t just good security, it’s good business.”
He added, “Retailers should think of resilience as invisible loyalty infrastructure. Your brand is judged by how quietly and reliably you recover.”
It is better to invest time, effort and financial resources now to put a strong protection system in place than to spend the time, and risk a loss in sales, recovering after a cybersecurity breach.