From supermarkets and department stores to e-commerce marketplaces and point-of-sale providers, retail is at the heart of the global economy.
The sector has embraced digital transformation, from smart shelves and connected logistics to mobile apps and online storefronts, but this also means its attack surface has grown. The British Retail Consortium has reported that 57% of UK retailers faced more cyberattacks in 2024, while 90% said incidents remained constant or increased year on year since 2015.
Recent events highlight the scale of the risk. For example, Marks & Spencer suffered a ransomware attack that disabled online orders, its app and click-and-collect for almost four months, with projected costs of £300 million. The Co-operative Group shut down parts of its IT network following a malicious breach that disrupted stock orders across 2,000 food stores and 800 funeral homes. The attack exposed the data of 6.5 million members and is expected to cost £206 million in revenue.
UK retailers operate under a number of regulations that aim to protect customer data and improve resilience. Guidance from the NCSC helps shape risk management and incident reporting. The NIS regulations classify large e-commerce platforms as digital service providers, requiring proportionate security measures. These are due to be updated by the forthcoming UK Cyber Security and Resilience Bill, and are likely to impose stricter requirements on supply chains and introduce faster reporting deadlines.
Alongside these, the Data Protection Act 2018 and GDPR regulate how personal data is collected, stored and shared and include fast breach notification as a central requirement.
Payment card data is regulated under PCI DSS, which mandates encryption, testing and access controls.
Beyond compliance, many retailers also use the government's Cyber Assessment Framework to measure maturity and pursue ISO 27001 certification to embed governance, accountability and continuous improvement into their operations.
We understand the unique cybersecurity challenges faced by the retail sector. Our services are designed to help organisations in the sector protect their data and systems from cyber threats. We work closely with our clients to provide objective and independent guidance. Our team includes experienced security professionals with extensive knowledge of the retail sector.
Protect your business from increasing cyber threats against retailers by partnering with AMR CyberSecurity.
AMR CyberSecurity has extensive experience in security penetration testing and only uses experienced, qualified, vetted security testers. All of our tests are carried out in accordance with our robust security testing methodology.
AMR CyberSecurity is committed to providing our clients with the best customer experience. Our tried and tested methodology ensures efficient and accurate initial engagement and scoping, scheduling, delivery and reporting.
AMR CyberSecurity is an approved PCI Qualified Security Assessor (QSA) Company. We have over a decade of experience guiding multinational organisations through the difficult and ever-changing obligations of PCI DSS.
AMR CyberSecurity is certified in accordance with ISO 27001 and ISO 9001, providing customers with assurance that we manage our quality and internal security in accordance with best practice standards.
AMR CyberSecurity is an NCSC CHECK, CREST and STAR approved company with a team of experienced principal consultants holding the highest technical qualifications, providing our customers with robust assurance that our security testing methodologies and processes are in accordance with industry best practice.
Contact us today at enquiries@amrcybersecurity.com to discuss how we can support your organisation's cyber security journey.