Event round-up: Cyber resilience in the UK retail sector
Bringing together retail leaders, cyber security specialists, communications experts, and insurance professionals, the discussion provided a multi-faceted analysis of the sector’s risks—reflecting the cross-specialism collaboration required in the aftermath of a cyberattack.
With insights from Rob Demain, CEO at e2e Assure, and Marcin Roth, Senior Cybersecurity Manager at Currys, to set the scene, the session explored both a high-level view of the threat landscape and first-hand perspectives on the operational challenges of building resilience in the retail sector.
Threat landscape
Retail remains a high-value target due to its reliance on system availability, extensive customer data, and complex IT environments that often include legacy systems and vulnerable supply chains.
Evolving trends include:
- Credential and geolocation manipulation: Attackers increasingly use legitimate credentials and mimic employee or customer login behaviour to gain undetected access. Once inside, they establish multiple backdoors to maintain persistence and enable repeated entry even after detection.
- Insider threat: Threat actors identify and coerce or incentivise specific employees - often through social media profiling or financial offers - to share login details or sensitive information (often taken from employee’s personal social media).
- Supply chain attacks: As larger retailers strengthen defences, attackers are shifting focus to their smaller suppliers with weaker security measures, exploiting their connections to gain access to primary targets.
Challenges for retailers
While the nature of cyber threats is well understood, operational barriers continue to hinder stronger resilience. Three key challenges emerged from the discussion:
- System vulnerabilities: Legacy POS infrastructure, supplier due diligence gaps, uncontrolled device use (“grey IT”), and poorly managed cloud migrations remain major exposure points.
- Board-level engagement: Tight margins and rigid contracts can lead to cyber security being under-prioritised and viewed as a technical issue or sometimes a barrier, rather than recognising its critical role in enabling and maintaining business continuity.
- Transient workforce: High employee turnover disrupts security culture and increases the risk of untrained staff falling victim to social engineering or insider manipulation.
Reflections and next steps
Attendees broadly supported the adoption of a solution-focused approach to cyber resilience, moving beyond awareness to practical implementation. Rather than relying solely on executive tabletop exercises, retailers should invest in technical, cross-functional simulations that involve IT, communications, HR, legal, and supplier teams to build operational readiness. Furthermore, strengthening supply chain security through flexible, risk-based contracts and early inclusion of security KPIs can help overcome long-standing procurement barriers.
Right now, due to recent high-profile attacks on UK retailers, cyber resilience is at front of mind, but focus can change depending on other events that can impact retail businesses. Therefore, at Board level, improving cyber literacy and accountability remains key — through regular threat briefings, inclusion of cyber experts at a director level, and clear financial cases that link security investment to business continuity and reputation protection.
techUK will continue to explore how we can support activity in this space and welcomes member input to expand the knowledge base and foster collaborative solutions to address the retail sector’s growing cyber security challenges.
Olivia Staples
Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.