EIGHT IN TEN TOP UK RETAILERS FACE CRITICAL CYBER SECURITY RISKS, REPORT WARNS

Email flaws, outdated software and ransomware vulnerabilities leave retail giants dangerously exposed, says KYND

A staggering 80% of the UK’s top 50 retailers are exposed to at least one form of critical cyber vulnerability, according to new research released by cyber risk specialists KYND — exposing major weaknesses in the cyber defences of some of the country’s best-known high street and online brands.

The analysis, which assessed the cyber posture of the 50 highest-revenue retailers in the UK, revealed that more than a third (38%) of them face simultaneous critical threats across all five major cyber risk categories: ransomware exposure, email security weaknesses, outdated software, vulnerable services, and digital certificate issues.

KYND classifies these vulnerabilities as “critical” or “red” risks — threats that are highly likely to result in operational disruption if left unaddressed.

Among the most alarming findings:

  • 80% of retailers had email security vulnerabilities

  • 72% had certificate misconfigurations or expired digital certificates

  • 70% were running vulnerable services

  • 70% used outdated software

  • 58% were at risk of ransomware attacks

These findings come in the wake of a series of damaging cyber attacks on major UK retailers, including M&S, Harrods, and the Co-op. M&S recently revealed that a hack that began in April could cost the business upwards of £300 million in lost profits.

“Retailers hold enormous volumes of sensitive data and operate complex supply chains, so even a seemingly minor oversight — like an expired certificate or unpatched software — can quickly become an open door to attackers,” warned Andy Thomas, CEO of KYND. “These results are a wake-up call for the sector to focus on the fundamentals: visibility, prioritisation and proactive monitoring.”

Four in five of the UK’s top 50 retailers are exposed to at least one form of critical cyber vulnerability, according to KYND. Picture credit: Dusan Petkovic

Email security emerged as the most widespread issue, with KYND identifying 9,239 critical issues across the 50 companies — leaving many open to phishing, spoofing and impersonation attacks. Vulnerable services and certificate problems each accounted for more than a thousand additional ‘red’ risk points, with 1,180 and 1,073 issues respectively.

Worryingly, over a third of retailers are facing overlapping vulnerabilities across multiple threat categories, creating compounded exposure that significantly increases the risk of a successful attack.

In response to the findings, KYND has issued a call to action for the retail industry, urging firms to:

  • Gain full visibility over their external digital infrastructure

  • Prioritise patching of actively exploited vulnerabilities, including those listed in CISA’s Known Exploited Vulnerabilities (KEV) catalogue

  • Tighten email security protocols and renew outdated or misconfigured digital certificates

  • Move from static, point-in-time risk assessments to continuous monitoring of the attack surface

  • Evaluate and support the cyber resilience of third-party suppliers and partners

“Today, cyber risk is a board-level concern with serious financial, operational, and reputational implications,” said Thomas. “For retailers operating in an increasingly digital environment, managing cyber risk as a core business risk is essential to maintaining resilience and protecting long-term value.”

Founded to provide actionable cyber risk intelligence, KYND continues to work with organisations across sectors to identify and remediate vulnerabilities before they can be exploited — with this latest research shining a spotlight on the urgent need for the retail sector to strengthen its cyber hygiene.