Stolen Credentials Rise to Primary Concern in Global Retail Industry

KnowBe4 has unveiled its “Global Retail Report 2025,” which highlights a concerning evolution in the tactics employed by cybercriminals targeting the retail industry. The report indicates that credential harvesting has emerged as the predominant threat, constituting 38% of all compromised data in 2023. In contrast, the theft of payment card data has seen a decline, dropping to 25%. This shift suggests that attackers are increasingly prioritizing credentials, often acquired through phishing schemes, because valid credentials give them immediate access to sensitive information and personal accounts.

The frequency of cyberattacks in the retail sector has surged, with a staggering 56% increase reported in 2023 compared to the previous year. This alarming trend positions the retail industry among the top five sectors targeted by cybercriminals. Furthermore, the average cost associated with a data breach in retail has escalated to $3.48 million in 2024, marking an 18% rise from 2023. These statistics underscore the escalating risks and financial implications that retail businesses must confront.

Geographically, the data indicates that North America is experiencing the highest rate of attacks, accounting for 56% of incidents, followed by Latin America at 32% and Europe at 11%. Notably, the U.S. retail sector is the epicenter of global ransomware attacks, responsible for 45% of these incidents while holding only a 28% market share. This discrepancy highlights the vulnerabilities inherent in the retail space and the targeted nature of these attacks.

To mitigate such threats, KnowBe4 emphasizes the importance of proactive measures, particularly through security awareness training. Organizations that engaged in ongoing training and simulated phishing exercises for a year or more reported a significant decline in employee susceptibility to phishing attacks. In large retail firms, employee vulnerability decreased dramatically from 42.4% to just 5.2%, indicating that robust training programs can effectively bolster defenses against cyber threats.

Stu Sjouwerman, CEO of KnowBe4, stated that the shift towards credential theft over payment card data marks a critical change in cybercriminal priorities. Given that stolen credentials can bypass traditional security mechanisms—such as passwords and two-factor authentication—the potential for significant damage rises. He emphasizes that integrating frequent security awareness training into a comprehensive security strategy is essential for retail organizations aiming to manage human risk.

Analyzing the tactics used in these attacks through the lens of the MITRE ATT&CK framework reveals several relevant adversarial techniques. The initial access may involve phishing campaigns designed to harvest credentials, while the persistence and privilege escalation tactics could enable attackers to maintain access and elevate their privileges within the impacted systems. Understanding these methods is crucial for developing countermeasures that can thwart potential breaches.

Overall, the findings of KnowBe4’s report serve as a stark reminder of the evolving landscape of cyber threats faced by the retail sector. With a growing emphasis on credential harvesting, retail organizations must prioritize security awareness training to enhance their resilience against such increasingly sophisticated attacks.

For further insights, the complete KnowBe4 Global Retail Report 2025 can be downloaded from their website.
