Cyber vulnerabilities mount for UK retailers - report

Four in five of the UK's top retailers were exposed to issues

By Josh Recamara

A majority of the UK’s largest retailers are facing significant cyber vulnerabilities, with new analysis suggesting that critical weaknesses in digital infrastructure remain widespread.

The findings come amid a spate of cyber incidents affecting high-profile retail organisations.

Research from cyber risk firm KYND revealed that four in five of the UK’s top 50 retailers were exposed to at least one serious cyber vulnerability. More than a third showed weaknesses across all five major risk areas: ransomware exposure, outdated software, vulnerable services, email security flaws and digital certificate issues.

Among the most common vulnerabilities were email security misconfigurations, found in 80% of retailers surveyed. KYND identified thousands of unresolved critical risks, including over 9,000 email-related issues, more than 1,000 vulnerable services, and 1,073 certificate errors.

The retail sector has already seen disruption from recent attacks. Marks & Spencer, the Co-op and Harrods have all reported cyber incidents in the past year. M&S alone estimated that an attack in April could cost the business up to £300 million in lost profits. The retailer is expected to file a substantial cyber insurance claim, reportedly backed by Allianz and Beazley.

Insurers themselves have also been targeted. In June, cybersecurity analysts warned that the hacking group Scattered Spider had turned its attention to insurance firms, using impersonation tactics and social engineering to bypass defences. The shift in focus follows a pattern of cybercriminals targeting entities that hold large volumes of sensitive data.

According to Marsh, UK cyber insurance claims fell in 2024 but remained above pre-2023 levels. The broker reported that extortion, data theft and supply chain attacks continued to drive losses, and claims volumes remained higher than expected.

Andy Thomas, chief executive at KYND, said retailers often overlook basic protections, leaving digital infrastructure exposed. “Even a small oversight—like an expired certificate or unpatched software—can open the door to attackers,” he said.

The report noted that many of the vulnerabilities identified were visible externally, making them accessible to threat actors without the need for internal compromise. With overlapping risks compounding exposure, insurers are likely to face increased pressure to assess cyber resilience more closely during underwriting.

As digital risks escalate across sectors, both retailers and insurers are being urged to treat cyber threats as a core business risk, requiring ongoing monitoring, supplier oversight, and proactive remediation.
