SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

KnowBe4's global report finds rising cyber threats aimed at retail sector

Today

KnowBe4 has released its "Global Retail Trends Report 2025," highlighting a significant shift in cybercriminal strategies aimed at the retail sector.

The report, published by the cybersecurity platform, indicates that credential harvesting through phishing attacks has emerged as the leading threat, responsible for 38% of all compromised data in 2023. This marks a change from previous trends where payment card data theft, now at 25%, was the primary concern.

The retail sector has witnessed a notable increase in cyberattacks, with incidents rising by 56% in 2023 compared to the previous year, positioning it among the top five industries targeted by cybercriminals. The financial implications are substantial, with the average cost of a retail data breach climbing to USD $3.48 million in 2024, an 18% escalation from 2023 figures.

Key insights from the report reveal that North America bore the brunt of these cyberattacks, experiencing 56% of such incidents.

Latin America followed with 32% of reported attacks, while Europe accounted for 11%. The U.S. retail sector alone was responsible for 45% of global ransomware attacks, despite representing just 28% of the market share, highlighting retail as the second most targeted industry in this regard.

The report also emphasised the importance of procedural defenses, noting that sustained security awareness training and simulated phishing exercises can significantly reduce employee susceptibility to phishing schemes.

Over a year, large retail organisations lowered their phishing susceptibility from 42.4% to 5.2%.

Similar improvements were observed in small and medium-sized retail businesses, with phishing susceptibility rates decreasing to 4.7% and 4.5%, respectively, following comprehensive training.

Stu Sjouwerman, Chief Executive Officer of KnowBe4, commented on the findings, "Our research reveals a critical shift in how cybercriminals are now prioritizing credential theft over payment card data. Stolen credentials allow immediate access to personal accounts, bypassing security measures like passwords and two-factor authentication."

"The good news is that organizations implementing frequent security awareness training are seeing dramatic improvements, demonstrating that human risk management must be a core component of any retail organization's security strategy."
