What: Four in five leading UK retailers are exposed to major cyber threats, with email security vulnerabilities affecting 9,239 critical systems.

Why it is important: This unprecedented level of vulnerability threatens the entire retail ecosystem, from supply chains to customer trust, as demonstrated by recent attacks that have impacted over 3,000 retailers through a single breach.

A comprehensive analysis of the UK's top 50 retailers has revealed alarming cybersecurity vulnerabilities, with 80% exposed to at least one form of critical cyber threat. Research by cyber risk specialists KYND identified that 38% of retailers face "critical risks" across five major categories: ransomware exposure, email security weaknesses, outdated software, vulnerable services, and certificate issues. The study found email security vulnerabilities in 80% of retailers, certificate issues in 72%, vulnerable services in 70%, outdated software in 70%, and ransomware risk exposure in 58%. Email security alone accounted for 9,239 critical issues across the companies examined. The findings follow a series of high-profile cyber attacks on major retailers, including Marks & Spencer, Co-op, Harrods, Louis Vuitton, and Adidas. KYND's chief executive Andy Thomas emphasises that even minor oversights in retailers' complex digital infrastructure can create significant security breaches, calling for improved visibility, prioritisation, and proactive monitoring of cyber risks.

IADS Notes: The latest findings mirror a troubling pattern in retail cybersecurity throughout 2025. In March, a single security update failure resulted in £5.4 billion in losses across Fortune 500 companies, while April saw the Scattered Spider attack on M&S wiping £700 million from its market value. By May, both Harrods and Co-op had suffered breaches, with the latter exposing data of 20 million customers. Industry research from April shows ransomware now accounts for 30% of retail security incidents, with average losses reaching £1.4 million per attack, while 41% of breaches occur through third-party providers.

Top UK retailers exposed to cyber vulnerabilities reaches 80%