Retailers unprepared for AI-driven cyber threats as attacks surge
Retailers are facing heightened levels of cyber threats driven by artificial intelligence, with new data indicating a gap between awareness of advanced risks and actual preparedness. As the peak shopping season approaches, the figures highlight a sector grappling with increasing attack volumes and growing attack sophistication.
Attack volume
According to new research from managed security provider LevelBlue, 44% of surveyed retailers report a significantly higher volume of cyber attacks. One-third say their organisation suffered a breach during the past year. AI-based threats, such as deepfakes and synthetic identities, are emerging as particular sources of concern.
While 45% of retail executives expect AI-powered attacks during the coming shopping season, only a quarter consider their organisations prepared to confront them. Similarly, 44% anticipate deepfake attacks, but just 33% believe they are ready. The rapid advance of AI technologies is outpacing defences for many.
Identification difficulty
Almost two thirds of retail executives observe that it is increasingly difficult for employees to distinguish between genuine and malicious threats as attack complexity intensifies. The increased integration of AI-generated content and social engineering tactics has made threat identification more challenging at all levels of an organisation.
Supply chain risk
Security gaps extend beyond direct attacks. LevelBlue's research highlights concerns about software supply chain vulnerabilities, with 47% of executives citing low to moderate visibility into their supplier networks. Although exposure to supply chain risk is widely recognised, only 22% identified engaging with suppliers over security credentials as a top priority for the year ahead.
Cultural change
Organisational attitudes are starting to shift. The data shows 67% of executives report that high-profile security breaches have raised the profile of cybersecurity within their executive teams. Retailers are moving to increase board-level engagement on issues of cyber resilience over the next 12 months.
The survey found that for 60% of retailers, cybersecurity teams now have greater integration with business lines. About half of the leadership roles within these companies are measured against specific cybersecurity performance indicators. A similar proportion-44%-said that business risk appetites have been aligned with cybersecurity risk management objectives. However, just 40% said their organisations have an effective company-wide cybersecurity culture.
Investment trends
Retailers are planning targeted investments. The most popular areas for significant spending include application security (66%), organisation-wide cyber-resilience processes (65%), defences against generative AI-driven social engineering (63%), and machine learning-powered pattern matching (63%).
Despite these intentions, the gap between threat expectation and preparedness suggests the sector faces ongoing challenges. Levels of readiness for key risk areas lag behind the expected threat horizon in many organisations.
"With the evolution of threats today's retailers face, cyber resilience is critical for innovation and security," said Kory Daniels, Chief Security and Trust Officer, LevelBlue. "Retailers' success requires the trust of consumers and suppliers, and there is still an opportunity for organizations to close critical gaps. While many organizations are taking proactive steps, challenges indicate the need for ongoing investments and continued cyber-resilient culture to be effective in an evolving threat landscape."
