.jpg)
New research from LevelBlue reveals a significant surge in cyber threats is compelling retailers to bolster their digital defenses. The 2025 Spotlight Report highlights that the industry is facing a higher volume of sophisticated attacks, with AI-powered threats and deepfakes creating new complexities that many organizations feel unprepared to handle, pushing cybersecurity to the top of the C-suite agenda.
44% of retailers report a significantly higher volume of cyber attacks.
34% of retail organizations suffered a breach in the past 12 months.
Only 25% feel prepared for AI-powered threats, though 45% expect them.
Supply chain security is a major blind spot, with 47% having low visibility.
67% of executives say high-profile breaches have pushed cybersecurity up the C-suite agenda.
Retailers plan to invest in application security (66%) and cyber-resilience processes (65%).
The retail threat landscape is intensifying as criminals leverage advanced technologies. While 45% of retail executives expect AI-powered threats, only 25% feel prepared for them. Similarly, 44% anticipate deepfake attacks, but just 33% believe they are ready. This preparedness gap is exacerbated by ongoing supply chain challenges, with nearly half (47%) of executives reporting very low to moderate visibility into their software supply chain, creating significant vulnerabilities.
In response to these increasing threats, retailers are taking proactive steps to integrate cybersecurity into their core business operations. The report indicates that 60% of executives say their cybersecurity team is integrated with lines of business, and 51% note that leadership roles are measured against cybersecurity performance indicators. Kory Daniels, Chief Security and Trust Officer at LevelBlue, emphasized the urgency, stating, “Criminal activity and nation state-backed actors are leveraging AI to increase the sophistication, volume, and success of their attacks. It is imperative for businesses to adopt a resilience-by-design playbook to have success defending their clients, suppliers, and organizational data.”
To prepare for evolving threats, retailers are prioritizing specific investments. The top areas for significant investment include application security (66%), cyber-resilience processes across the business (65%), and defenses against generative AI for social engineering attacks (63%). Based on its findings, LevelBlue recommends four key steps for retailers: push cyber resilience up the organization, embed cybersecurity responsibilities throughout the organization, be proactive rather than reactive, and prioritize resilience in the software supply chain.
The collective findings underscore a critical shift in the retail sector. As the line between business innovation and security blurs, building a cyber-resilient culture and integrating advanced threat management are no longer optional but essential for maintaining consumer trust and ensuring business continuity in an increasingly hostile digital environment.
About LevelBlue
LevelBlue reduces risk and builds lasting resilience so organizations can innovate and advance their mission with confidence. As the world’s most analyst-recognized and largest pure-play managed security services provider, LevelBlue elevates client outcomes that matter: stronger defense, faster response, and sustained business continuity. LevelBlue combines AI-powered security operations, advanced threat intelligence, and elite human expertise to provide the most comprehensive portfolio of strategic advisory, managed security, offensive security, and incident response services.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.