- The future of retail cybersecurity: Explore insights from 220 retail executives on managing AI-driven threats and closing the cyber resilience gap.
- 44% of retail organizations report a sharp increase in cyberattacks, underscoring the urgent need for stronger cybersecurity defenses across the sector.
- 34% of retailers experienced a data breach in the past year, revealing the persistent vulnerabilities in retail cybersecurity strategies.
The last year has seen the retail sector fixed squarely in the sights of threat actors, as several of the largest attacks involved several of the world’s best known retail brands, including Harrods, Marks & Spencer, and Victoria’s Secret.
The 2025 LevelBlue Futures Report: Aligning Cyber Resilience and Business Goals in the Retail Sector provides context for these attacks, with 44% saying they are experiencing a significantly higher volume of attacks and 34% of retailers surveyed noting that their organization in fact suffered a breach in the last year.
These figures are from a worldwide survey of 220 retail executives conducted by LevelBlue earlier this year. The intent was to uncover whether retail organizations are incorporating enterprise-level cyber resilience strategies and to determine their major cybersecurity concerns moving forward.
The survey revealed a roller coaster ride of answers with retailers expressing both confidence in their ability to repel certain types of attacks and concern over being unprepared for others.
The AI Conundrum
The survey made it clear that retail executives are concerned about and expect AI-powered attacks to take place. Showing an odd dichotomy, 49% of those surveyed said they are highly or very highly competent at defending themselves against AI-based attacks, but only 25% go on to say they are prepared to deal with such incidents.
Perhaps reflecting their possible overconfidence in their ability to defend against AI attacks, 52% replied that they are highly or very highly competent at implementing and using AI to enhance cybersecurity. The vast majority are so confident in their ability to implement AI-powered security that only 32% are reluctant to implement AI tools and technologies because of possible associated cybersecurity ramifications.
Alignment for Success
The need for cybersecurity teams to integrate with the organization's lines of business is starting to gain traction, with 44% of the surveyed saying they have effectively aligned business risk appetites with cybersecurity risk management. This is aided by the fact that 49% of the executives noted that communication channels between cybersecurity and line-of-business teams are effective.
This level of alignment falls off when it comes to implementing security measures with new projects, as only 37% allocate a cybersecurity budget to new initiatives from the beginning, which is significantly lower than the global average of 46%.
A Cybersecurity Culture Gap
It is well understood that creating an environment in which all workers understand they are an integral part of their firm’s cybersecurity architecture is essential to building a strong security culture. Unfortunately, the survey found only 40% say they have an effective company-wide cybersecurity culture.
One avenue to consider for improving this figure would be using outside expertise to enhance their workforce’s cybersecurity measures. However, only about one-third have engaged external support for training and awareness in the past 12 months, and this figure is not expected to change in the coming years.
These are just a few of the dozens of topics covered in the 2025 LevelBlue Futures Report: Aligning Cyber Resilience and Business Goals in the Retail Sector. The report offers a comprehensive look into how retailers are responding to escalating cyber threats.
Download the full report to explore the complete survey data, insights, and recommendations shaping the future of retail cybersecurity.
