The retail industry is witnessing a considerable rise in AI-based cyber-attacks targeting retailers. A big jump in attacks has been reported by close to half of all retailers. Contemporary cyber threats now encompass advanced, AI-powered attackers that are overwhelming even the most experienced security professionals.
Figure 1: Concept image of AI-powered malware
Artificial intelligence cybercrimes in retail have brought up a new set of security issues. AI-powered malicious actors are used by attackers to make scams appear more realistic. Two in three retail executives say employees have a hard time telling real threats from the most advanced attacks.
Rising Threat Volume Overwhelms Retail Defences
New research from LevelBlue reveals concerning statistics about current attack patterns:
- 44% of retailers face substantially higher attack volumes
- 34% have suffered security breaches within the past year
- Two-thirds of executives report increased difficulty in threat detection
The rapid digital transformation of retail operations has expanded attack surfaces dramatically. Criminal organisations and nation-state actors now deploy AI to enhance attack sophistication. These retail supply chain risk AI threats multiply quickly across interconnected systems.
Retail Supply Chain Risk AI Exposes a Dangerous Preparedness Gap
Despite increased awareness of AI cybersecurity threats in retail, preparations are not keeping pace. Just 25% of retail executives believe their companies are prepared for AI-based threats. This stands in stark contrast to the 45% of people who anticipate such incidents.
Figure 2: Representation of threat actors using AI-enhanced hacking tools
Another rising threat to the industry is Deepfake tech. Only 33% of executives say they are ready to face deepfake threats. Yet 44% expect a deepfake or synthetic identity-related incident in the months ahead.
Supply Chain Security Creates Hidden Vulnerabilities
The retail supply chain risk AI landscape extends beyond direct company systems. Nearly half of executives report very low to moderate visibility into supplier security. Only 22% prioritise engaging suppliers about security credentials for next year.
Software supply chain security remains a critical blind spot for retailers. Interconnected systems mean a single supplier breach can cascade throughout operations. Third-party marketplace platforms and re-commerce models expand these vulnerabilities further.
Figure 3: Kory Daniels, Chief Security and Trust Officer at LevelBlue
Kory Daniels, Chief Security and Trust Officer at LevelBlue, emphasises the urgency. “Criminal activity and nation-state-backed actors are leveraging AI to increase sophistication,” he states.
AI Cyber Threats for Retailers Push Cybersecurity to the Boardroom
Recent security incidents have elevated cybersecurity priority at executive levels. Some 67% of executives from breach-affected companies report heightened C-suite focus. Cybersecurity now ranks among the top-five agenda items for boardroom discussions over twelve months.
Trust between retailers, consumers, and suppliers relies on robust security. Popular brands and customer trust are severely disrupted by high-profile breaches. Business leaders understand that cyber resilience is fundamental to business continuity and revenue.
Proactive Measures Gain Traction Across Sector
Retail organisations are taking steps to address AI cyber threats systematically for retailers. Current organisational changes include:
- 60% of executives report cybersecurity team integration with business lines
- 51% say leadership roles include cybersecurity performance measurements
- 44% believe risk management aligns with business risk appetite
- 40% describe an effective company-wide security culture
However, significant gaps persist in achieving comprehensive security across all operations. Cultural transformation remains an ongoing challenge for many retail organisations.
Investing to Combat AI Cyber Threats for Retailers
Future spending plans reflect the urgency of addressing retail supply chain risk AI. Retailers plan significant investments in multiple security areas:
- Application security (66%)
- Company-wide cyber resilience processes (65%)
- Generative AI countermeasures for social engineering attacks (63%)
- Machine learning tools for pattern matching (63%)
These technologies offer proactive defence against increasingly sophisticated attack methods. Advanced threat detection capabilities become essential as AI-powered attacks evolve.
Figure 4: Executive Boardroom Cybersecurity Discussion
The LevelBlue research surveyed 1,500 C-suite and senior executives across 14 countries. The quantitative study, conducted by FT Longitude in January 2025, included 220 retail respondents. Seven specific industries participated, providing comprehensive cross-sector threat landscape insights.
Four Strategies to Overcome AI-Driven Cyberattacks in the Retail Sector
LevelBlue recommends essential actions for retailers to strengthen security posture:
- Push cyber resilience up organisational hierarchies as priority one
- Embed cybersecurity responsibilities throughout the entire organisation
- Invest proactively in advanced threat detection and response technologies
- Demand supplier transparency on cybersecurity credentials
Elevating Cyber Resilience To Board Level
Integration of cyber-resilience considerations with business decisions at the highest levels proves essential. Board-level engagement ensures adequate resource allocation and strategic focus on security initiatives.
Building Company-Wide Security Culture
A cyber-resilient culture across entire operations strengthens human defences against social engineering. Every employee becomes part of the security framework through ongoing training and awareness.
Investing In Advanced Threat Detection
Proactive investment in exposure and vulnerability management systems identifies risks before exploitation occurs. Reactive approaches no longer suffice in today’s rapidly evolving threat environment.
Figure 5: Digital supply chain security concept
Strengthening Supply Chain Transparency
Mandating security standards across software supply chains reduces hidden vulnerabilities. Third-party risk assessment must become standard procurement practice for all supplier relationships.
Daniels notes that whilst many organisations take proactive steps, challenges remain significant. “There is still an opportunity for organisations to close critical gaps,” he explains. Continued investment and sustained cyber-resilient culture prove necessary for effective defence.
The retail sector’s rapid evolution demands equally dynamic security approaches. AI cyber threats for retailers will continue to intensify as technology advances. Organisations that build resilience-by-design frameworks today will maintain a competitive advantage tomorrow.
ALSO READ: Inside ANZ’s 2025 Shareholder Meeting: How to Join, Vote and Participate Online
FAQs
Q1: What are AI cyber threats for retailers?
AI cyber threats for retailers involve malicious actors using artificial intelligence to conduct sophisticated attacks. These include AI-powered phishing, deepfakes, and automated vulnerability exploitation targeting retail systems.
Q2: How widespread are cyberattacks in the retail sector?
Research shows 44% of retailers experience significantly higher attack volumes currently. Additionally, 34% have suffered security breaches within the past twelve months.
Q3: What is retail supply chain risk AI?
Retail supply chain risk AI refers to vulnerabilities introduced through interconnected supplier systems. Nearly half of retail executives have limited visibility into their software suppliers’ security measures.
Q4: Are retailers prepared for AI-powered cyberattacks?
Only 25% of retail executives consider their organisations prepared for AI-powered threats. This represents a significant preparedness gap despite 45% expecting such attacks.
Q5: What investments are retailers prioritising for cybersecurity?
Retailers prioritise application security (66%), company-wide cyber resilience processes (65%), and generative AI countermeasures (63%) for future investments.
