Lynne Murray | Director of Product Marketing for Data Security
It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. The period from late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is a crucial time for retailers, given the heightened customer engagement and increased volume of financial transactions. Expectations are high, especially during peak periods that drive a significant portion of annual revenues. At the same time, high-priority strategic business requirements such as data-driven customer experience, omnichannel operations, staffing agility, and robust security measures must be in optimal working order to capitalize on these high-revenue windows.
As shopping surges, consumers can benefit from various deals and savings; however, businesses also face an increased risk of cyber-attacks. These attacks specifically target retail systems and supply chains that manage extensive customer data and depend on the efficient functioning of intricate digital infrastructures. Consequently, all companies within the retail sector must recognize that cybersecurity must be treated as a top-tier business priority.
Let's briefly examine this sector and the threat indicators leading up to this year’s holiday season. I’ve compiled key facts and figures based on the top security industry and retail sector research reports published annually, highlighting trends and insights in cyber threats and data breaches.
According to the National Retail Federation (NRF), retail sales during the 2025 holiday shopping season are forecasted to increase between 3.7% and 4.2% compared with 2024. NRF predicts U.S. holiday retail sales will surpass $1 trillion for the first time, reaching between $1.01 trillion and $1.02 trillion in November and December.
According to Verizon's 2025 Data Breach Investigations Report, the retail sector experienced 837 cyber incidents, leading to 419 confirmed data breaches in Q2 2025, primarily caused by ransomware, sophisticated social engineering (phishing/BEC), and supply chain vulnerabilities, often involving the use of AI by attackers, with a notable surge in publicly disclosed incidents. Attackers are using more disruptive tactics, including data exfiltration and operational disruption, and ransom demands have risen sharply.
According to the IBM 2025 Cost of a Data Breach Report, the average cost of a data breach in the retail sector was $3.54 million, up from $3.48 million, reflecting an 18% increase from the previous year.
In 2025, a notable shift in cyberattack strategies has emerged, with attackers increasingly focusing on causing operational disruption to businesses.
This trend has been characterized by a series of attacks designed to inflict maximum damage, resulting in significant financial losses and extended periods of operational downtime for organizations. An example of this is a major retailer that experienced a six-week online outage due to such an attack. This approach allows attackers to exert more pressure on organizations, thereby enhancing their leverage when demanding ransom payments.
Compromised data type: Customer personally identifiable information (PII) was the most frequently compromised data type globally (53% of breaches) and was particularly relevant to recent high-profile retail attacks in 2025. Attackers are shifting their focus from payment data to easier-to-access targets like credentials and internal information. As digital transformation speeds up, the increasing complexity makes it harder to maintain a clear view of where sensitive data is stored, leading to security gaps.
Malware attacks: Ransomware was present in 44% of all breaches, a notable increase from the previous year. Publicly disclosed ransomware attacks against retailers jumped by 58% in Q2 2025 compared to Q1 2025. One report noted an 85% increase in attacks against UK retailers in the first four months of 2025 compared to the same period in 2024.
Third-party risk: In 2025, it was reported that approximately 30% of all data breaches were linked to third-party entities (partners, vendors, and service providers), a substantial rise from the 15% recorded in the previous year. This doubling of third-party participation in breaches indicates a significant shift in the cybersecurity threat landscape, underscoring the growing vulnerabilities within supply chain ecosystems.
Bad Bots: According to the Thales 2025 Data Threat Report, e-commerce is a prime target for bad bots, which accounted for 37% of all internet traffic and nearly half of all retail-specific web traffic in 2025. During major sales events, bots can disrupt operations and the availability of high-demand products by facilitating a range of damaging attacks. This causes frustration, drives customers away, and damages the retailer's relationship with its customer base.
The 2025 Imperva Bad Bot Report found that AI-powered bad bots are growing faster than ever, accounting for 33% of all retail web traffic. These increasingly sophisticated AI-driven bad bots perform harmful activities, such as scraping data, spamming, and launching denial-of-service attacks. These bots can mimic human behavior, making them difficult to detect and block.
API exploitation: Attackers are increasingly using bots to target Application Programming Interfaces (APIs) — which are essential for many modern retail services — to gain unauthorized access to sensitive data or exploit vulnerabilities in the application logic.
Vulnerability exploitation: The use of vulnerability exploitation as an initial access method remains the most common technical cause of attacks in the retail sector (30% of incidents), followed by compromised credentials and malicious emails/phishing, and AI-powered attacks and application security vulnerabilities.
Artificial intelligence (AI): Data breaches and security incidents involving Artificial Intelligence (AI), especially generative AI, have seen a significant increase in the retail sector in 2025 compared to 2024. The unsanctioned use of AI tools by employees ("shadow AI") is a growing problem. This risk is highly relevant to retail, where employees might use public AI tools with customer data to work more efficiently.
For retailers to thrive, it is essential to prioritize strong data security and create a seamless, privacy-respecting user experience. This focus is critical for maintaining digital trust and ensuring secure business operations.
Keeping pace with high-speed applications and data-intensive operations demands robust end-to-end threat detection with automated response workflows and remediation recommendations. To manage these challenges, Thales is working with retailers to help them implement a unified data security platform that simplifies compliance and provides end-to-end visibility.
Thales delivers the broadest support of data security for retail use cases with products designed to work together, a single line to global support, a proven track record protecting from evolving threats, and the largest ecosystem of data security partnerships in the industry.
With a multifaceted approach to protecting data in place, retailers can expect to reduce risk, accelerate compliance, streamline operations, and accelerate growth and digital innovation. Thales integrates AI and automation into solutions to help Security Operations Center (SOC) analysts prioritize relevant alerts, reduce fatigue, and respond more effectively in real time.
In essence, data security must be a central, strategic priority, moving beyond a "checkbox" compliance exercise to a holistic, data-centric approach to effectively manage risk in this complex, AI-driven environment. By applying these measures consistently, security teams can proactively prevent threats, identify attacks early, and maintain confidence that cloud resources and software pipelines remain under control.
You can find more information in the Thales 2025 Data Threat Report and the 2025 Cloud Security Study.