Retailers face surge in AI-driven cyber threats & supply chain risks
The retail sector is reporting an increased volume of cyber threats, with a significant proportion experiencing security breaches. New research shows that almost half of retailers are under greater attack, and executives are challenged by the complexity of modern cyber risks, including artificial intelligence (AI)-driven threats.
Threat environment
The findings indicate 44 per cent of retailers have seen a notable rise in cyber attacks, while 34 per cent have suffered a breach in the past year. The trend is attributed to the adoption of AI technology by malicious actors and the sector's rapid digital transformation.
Emerging AI tools have added layers of complexity to cyber attacks, making them harder for staff to detect. Two thirds of retail executives say it is becoming more difficult for employees to distinguish genuine threats from scams as AI increases the sophistication of attacks, according to the LevelBlue report.
Preparedness gap
Despite awareness of evolving cyber risks, a preparedness deficit remains. Only 25 per cent of retail executives say they are ready for AI-powered attacks, even though 45 per cent expect to see such attacks. In the case of deepfake threats, 33 per cent of executives say they are prepared, despite 44 per cent anticipating incidents involving deepfakes or synthetic identities.
Supply chain issues
Security across the software supply chain is another concern. Nearly half (47 per cent) of executives say they have very low to moderate visibility into their suppliers' software and security measures. Just 22 per cent of respondents rank engagement with suppliers on security credentials among their key priorities for the coming year.
Boardroom focus
The implications of recent high-profile breaches have raised cybersecurity issues at the executive level. Some 67 per cent of executives from companies that experienced such breaches report that cybersecurity now has higher priority within the C-suite. Increasing board engagement on cyber resilience is cited as a top-five agenda item for the next 12 months.
"Criminal activity and nation state-backed actors are leveraging AI to increase the sophistication, volume, and success of their attacks. It is imperative for businesses to adopt a resilience-by-design playbook to have success defending their clients, suppliers, and organisational data," said Kory Daniels, Chief Security and Trust Officer, LevelBlue.
Daniels added, "Retailers' success requires the trust of consumers and suppliers, and there is still an opportunity for organisations to close critical gaps. While many organisations are taking proactive steps, challenges indicate the need for ongoing investments and continued cyber-resilient culture to be effective in an evolving threat landscape."
Proactive changes
The research shows that 60 per cent of retail executives report integration of cybersecurity teams with their wider lines of business. Half say leadership roles are measured against cybersecurity performance. A smaller share - 44 per cent - believe their risk management aligns with the business's appetite for risk, and 40 per cent describe an effective company-wide security culture.
Future investment priorities include application security (66 per cent) and company-wide cyber resilience processes (65 per cent). Other areas attracting interest are generative AI countermeasures for social engineering (63 per cent), and machine learning tools for pattern matching (63 per cent).
Next steps
The report identifies several recommended actions for retailers. These include increasing emphasis on cyber resilience at the organisational level, embedding responsibilities throughout teams, prioritising supply chain security, and taking a proactive approach to cyber threats.
LevelBlue's guidance stresses the value of integrating cyber-resilience into top-level decision making, fostering a business-wide culture of awareness, investing in advanced threat detection, and demanding greater transparency from suppliers.
