The median ransom demand for retail ransomware attacks doubled to $2 million in 2025 compared to 2024

29.69% of retail organizations reported limited visibility into their entire environment.

The Retail sector in Hong Kong experienced the highest rate of suspected digital fraud, reaching 19.4%.

59% of AI users in retail engage with AI daily.

57% of Retail professionals are very confident in their AI skills.

54% of employees in the retail industry have received training on AI safety and data security.

19% of employees in retail reported no training in AI tools.

Between 2019 and 2023, retail experienced large losses primarily from ransomware (50.0%), followed by other causes (30.0%) and data breaches (20.0%).

Healthcare, retail, and manufacturing remained the most targeted sectors.

Healthcare, retail, and manufacturing remained the most targeted sectors.

Nearly 7 in 10 retail & consumer goods organizations had APIs with misconfigured authorizations or data exposure issues. These retail & consumer goods APIs averaged 15 vulnerabilities per API.

Retail was the second most targeted sector for email-based attacks in Q2 2025, accounting for 20% of attacks.

The retail sector saw its highest ever Q2 2025 ransomware attack volumes, with publicly disclosed incidents jumping by 58% compared to Q1 2025.

In one analysis, retail had 30.9% vulnerable web applications.

In one analysis, retail had 29.8% vulnerable APIs.

Top 5 industries by web‑app vulnerability: Education: 35.3%, Retail: 30.9%, Government: 30.4%, Professional Services: 30.1%, Media: 25.7%.

In one analysis, retail had 27% of vulnerable assets across cloud, APIs, and web applications.

In one analysis, retail had 27% of vulnerable assets across cloud, APIs, and web applications.

In one analysis, retail had 23.3% vulnerable cloud assets.

Top 5 industries by cloud‑asset vulnerability: Professional Services: 25.0%, Retail: 23.3%, Government: 18.4%, Education: 17.6%, Media: 13.8%.