The holiday shopping season is here, and surging cyberattacks put retail operations at risk. According to VikingCloud’s 2024 Holiday Cyber Threat Survey , 80% of retailers have already experienced a cyberattack in the past year, with nearly all hit multiple times.
Retailers will be even more vulnerable in the final months of the year: 52% report being at increased risk during the 2024 holiday shopping season – more than at any other time. According to retailers, cyber risks increase due to the surge in in-store and online shoppers, internal cyber workforce challenges, and the targeting of business-critical point-of-sale (POS) devices.
Retailers must recognize cyber vulnerabilities and protect their digital systems from cybercriminal grinches looking to dampen their holiday spirit – and sales.
Here’s what to know to make the holidays more secure.
The Top 3 Holiday Season Cyber Risks
VikingCloud’s proprietary research identified the top 3 cyber vulnerabilities most likely to disrupt retail business operations:
- Strained Teams with Weak Links: Cyber workforce challenges are the biggest cybersecurity hurdle during the holiday season. 2 of the top 4 cyber challenges retailers report directly relate to an overextended workforce caused by employee shortages and turnover (50%) and an influx of seasonal employees with limited cybersecurity training (46%).
Human error is one of the main causes of data breaches, often linked to inadequate cybersecurity training. The seasonal influx of temporary employees means more people with limited awareness of internal cyber policies. In fact, VikingCloud’s research uncovered that 78% of seasonal employees do not receive social engineering training, 56% lack safe internet and social media usage guidance, and 56% do not receive mock email phishing training. Cybercriminals often attempt the easiest entry point - and seasonal workers are a prime target.
These staffing vulnerabilities are compounded by a stretched internal IT team that is overwhelmed by the sheer number of cyber alerts to vet daily. The number one challenge retailers report is limited internal IT resources to keep up with modern-day cyberattack methods (52%).
Understaffed and underequipped teams create the perfect winter holiday storm for retailers. And when the inevitable cyberattack happens, 12% of retailers report having to lay off employees because of financial impacts. That means even fewer resources with which to fend off the next cyber threat.
- Increased Exposure: The surge in both in-store and online holiday shopping makes the holiday season the most vulnerable time of year. The sharp increase in payment card transactions emerges as one of the biggest vulnerabilities: 52% of retailers report being more at risk during the 2024 holiday shopping season than any other time over the previous 12 months.
Retailers face a wide range of cyberattacks with the potential to disrupt holiday shopping including supply chain attacks (52%), data breaches (48%), phishing attacks (32%), and denial-of-service (DoS) attacks (32%). The danger of a supply chain attack is a stark reminder of the importance of third-party visibility.
- Business Interruption and Financial Fallout: Damaging cyberattacks shut down business operations so consumers can’t buy products or services:
- 68% of retailers report that business downtime or operational disruptions are the most likely outcome of a cyberattack.
- 46% of companies reported that their first move upon discovering a breach is to shut down digital systems, including POS devices to ensure the cyberattack doesn't spread.
The financial effects go beyond day-to-day operations. 23% of retailers saw declines in stock prices following an attack, while 33% faced regulatory fines due to lapses in customer data protection.
The ripple effects of cyberattacks can deeply impact customer trust and brand reputation. After a breach, 53% of retailers report damage to their reputation, potentially driving customers to competitors. Unfortunately, in an attempt to protect brand image, 44% of retailers report having withheld incident details from the public. This theme of underreporting and lack of transparency leaves consumers in the dark about potential risks, raising concerns about whether brands are truly safeguarding their data.
Prepare for a Safer Holiday Season with an MSSP
To address heightened risks this holiday season, retail companies should invest in advanced technology and comprehensive training to protect revenue and brand reputation. But retailers don’t have to go at it alone. It takes a team to get through the holidays. While retailers focus on delighting their customers and meeting demand, VikingCloud’s Managed Security Service offering can be an extension of their internal cyber teams.
Managed Security Services Providers (MSSPs) offer a range of services, including threat detection, incident response, compliance management, and more. MSSPs can minimize downtime and financial losses tailored to the unique cybersecurity needs of retailers. With a combination of specialized talent, flexibility to package up specific services within budgetary constraints, and best-of-breed technology, MSSPs are the solution of choice for leading retailers.
The holiday season can make or break a retailer's year. Upwards of a third of annual retail revenue comes from holiday shopping sales. Robust cybersecurity is an essential piece of retailers' holiday season strategy. Uplevel your cybersecurity posture with VikingCloud to ensure your business operates uninterrupted in the face of sophisticated cyber threats.
Learn more about the cyber challenges the retail industry is facing this holiday season and how an MSSP can help: Managed Security Services.