Updated November 2024
Cyberattacks are on the rise and every industry is fair game to cybercriminals. The retail industry is no exception. In fact, according to Sophos’ State of Ransomware in Retail 2024 report, 45% of the industry was struck by ransomware or extortionware attacks. More than half (51%) of ransom demands were for 1 million or more, with 17% of demands for 5 million or more. Only 5% of respondents reported less than a four-figure ransom demand. Ransom payments are just one element of recovery costs when dealing with ransomware events. Excluding any ransoms paid, in 2024, retail organizations reported a mean cost of $2.73M to recover from a ransomware attack, an increase from the $1.85M reported in 2023.
The rapid trial-by-fire method of securing systems and data has certainly forced retail IT teams to up their cybersecurity knowledge and strengthen their overall security posture. But it doesn’t change the fact that the overall nature of the retail workforce can continue to make the retail industry vulnerable to cyberattacks.
Cyberattacks and Retail Businesses
One of the industry’s biggest weaknesses is its high employee turnover rate. The Bureau of Labor Statistics reports that U.S. retail organizations experience an average employee turnover rate of approximately 60 percent. The turnover rate is high compared to most other industries. The reasons can vary from the simple nature of seasonal business fluctuations to low wages to poor training.
With the retail season just around the corner, we wrote an ebook, The Retail Industry’s Biggest Security Risks, outlining the security risks that this high turnover can pose to retail organizations and steps you can take to protect your organization.