IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Uk retail store cyber security digital padlocks warning customer data
#
Malware
#
Ransomware
#
Phishing

UK retail cyber attacks spread evenly, not linked to key events

Fri, 28th Nov 2025
Author image
By Sean Mitchell, Publisher

New analysis of data security incidents in the UK retail and manufacturing sector suggests that cyber attacks are not concentrated around prominent shopping events but instead occur throughout the year, challenging widely held assumptions about when businesses are most at risk.

Incident distribution

Between the third quarter of 2024 and the second quarter of 2025, there were 1,381 reported breaches in the retail and manufacturing sector, according to figures from the UK Information Commissioner's Office (ICO). These incidents were relatively evenly distributed: 23% occurred in the third quarter of 2024, 26% in the fourth quarter, 23% in the first quarter of 2025, and 28% in the second quarter.

The highest number of incidents fell in the second quarter of 2025, rather than during the holiday quarter when retailer activity peaks due to events like Black Friday. This data suggests that cybercriminals do not confine their efforts to high-profile shopping periods.

Nature of breaches

Of the 1,381 breaches recorded, 618 were attributed to common threats such as brute force attacks, hardware or software misconfigurations, malware, phishing, and ransomware. These types of attacks are generally considered preventable with effective security controls. Despite this, these preventable incidents affected 4.5 million people out of a total of 8.26 million impacted by retail and manufacturing breaches during the year.

The data also show that retail breach victims are more likely to be customers, with 58% of preventable retail breaches affecting customer data, compared with a national average of 31%. However, there was an even greater risk to employees, as 63% of retail breaches exposed employee data, much higher than the 29% average across all sectors.

Valuable data exposed

Retail attacks were also more likely to involve valuable types of information than the overall average for UK data breaches. Economic and financial data, such as payment or banking details, were exposed in 34% of preventable retail incidents, compared with 16% across all sectors. Identification data, often derived from loyalty schemes, appeared in 19% of preventable retail cases, versus 8% for the wider average. Official documents such as passport details were exposed in 25% of incidents, compared with 9% more broadly.

Detection speed

Retailers were found to be slightly faster at identifying and reporting data breaches, averaging 78 days compared to an overall average of 80 days across industries. However, the speed of response remains a matter for concern given the nature and sensitivity of the data at risk, and the large numbers of individuals potentially affected by each breach.

Consistent patterns

This pattern of incidents stretching across all quarters is not new. Analysis of data collected since 2019 supports the finding that attacks do not concentrate during particular months. Of more than 6,400 reported incidents in retail and manufacturing, 26% occurred in Q1, 29% in Q2, 22% in Q3, and 22% in Q4 over the past five years.

Industry response

"Attackers are opportunistic: they'll strike when it most suits them. Disrupting Black Friday sales or demanding a ransom might be an impressive prize, but successful attacks can happen when a business is most vulnerable, not when it's on its highest possible alert. Ensuring the business is following best practices and controls that enable it to react swiftly to identify and triage any issues are the most impactful actions an organisation can take to prevent attacks," said Piers Wilson, Head of Product Management, Huntsman Security.

"We can see from the ICO's data that a relatively small number of types of incident have the greatest impact, and target the most valuable information. To prevent these, retailers need to move towards a mindset of continuous assurance that their defences are operating or drifting into a vulnerable state. If regular attacks are spotted sooner and prevented from becoming major breaches year-round, cybersecurity teams can instead concentrate on more major events that could strike at any time," said Wilson.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cyber Monday outpaces Black Friday as peak for UK online orders
UK shoppers demand price parity across online & physical stores
Autumn Budget criticised for vague AI plans & lack of cyber focus
UK Autumn Budget welcomes FinTech boost but needs AI & cyber plan
Umbraco 17 launches with load balancing & upgrade pathway

Top stories

Photonics seen as key to greener AI as energy use surges in Europe
UK 2025 Budget sparks debate over innovation, tax & AI policy
Black Friday: shoppers & retailers face rising cyber threats
Utelize secures multi-million GBP £ investment from BGF for growth
One in three Britons struggle to connect smart tech at home